diff --git a/docs/dyn/admin_directory_v1.chromeosdevices.html b/docs/dyn/admin_directory_v1.chromeosdevices.html index 3a133b9a2c7..88bcdb1255e 100644 --- a/docs/dyn/admin_directory_v1.chromeosdevices.html +++ b/docs/dyn/admin_directory_v1.chromeosdevices.html @@ -295,7 +295,7 @@

Method Details

Allowed values BASIC - Includes only the basic metadata fields (e.g., deviceId, serialNumber, status, and user) FULL - Includes all metadata fields - query: string, Search string in the format given at http://support.google.com/chromeos/a/bin/answer.py?answer=1698333 + query: string, Search string in the format given at https://developers.google.com/admin-sdk/directory/v1/list-query-operators sortOrder: string, Whether to return results in ascending or descending order. Must be used with the `orderBy` parameter. Allowed values ASCENDING - Ascending order. diff --git a/docs/dyn/analyticsdata_v1beta.properties.html b/docs/dyn/analyticsdata_v1beta.properties.html index 6182af3e4b1..eb7b49c779a 100644 --- a/docs/dyn/analyticsdata_v1beta.properties.html +++ b/docs/dyn/analyticsdata_v1beta.properties.html @@ -200,7 +200,7 @@

Method Details

"dimensionName": "A String", # Name of a dimension. The name must refer back to a name in dimensions field of the request. }, }, - "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. + "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. }, ], "keepEmptyRows": True or False, # If false or unspecified, each row with all metrics equal to 0 will not be returned. If true, these rows will be returned if they are not separately removed by a filter. @@ -252,7 +252,7 @@

Method Details

{ # The quantitative measurements of a report. For example, the metric `eventCount` is the total number of events. Requests are allowed up to 10 metrics. "expression": "A String", # A mathematical expression for derived metrics. For example, the metric Event count per user is `eventCount/totalUsers`. "invisible": True or False, # Indicates if a metric is invisible in the report response. If a metric is invisible, the metric will not produce a column in the response, but can be used in `metricFilter`, `orderBys`, or a metric `expression`. - "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. + "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. }, ], "pivots": [ # Describes the visual format of the report's dimensions in columns or rows. The union of the fieldNames (dimension names) in all pivots must be a subset of dimension names defined in Dimensions. No two pivots can share a dimension. A dimension is only visible if it appears in a pivot. @@ -504,7 +504,7 @@

Method Details

"dimensionName": "A String", # Name of a dimension. The name must refer back to a name in dimensions field of the request. }, }, - "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. + "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. }, ], "keepEmptyRows": True or False, # If false or unspecified, each row with all metrics equal to 0 will not be returned. If true, these rows will be returned if they are not separately removed by a filter. @@ -560,7 +560,7 @@

Method Details

{ # The quantitative measurements of a report. For example, the metric `eventCount` is the total number of events. Requests are allowed up to 10 metrics. "expression": "A String", # A mathematical expression for derived metrics. For example, the metric Event count per user is `eventCount/totalUsers`. "invisible": True or False, # Indicates if a metric is invisible in the report response. If a metric is invisible, the metric will not produce a column in the response, but can be used in `metricFilter`, `orderBys`, or a metric `expression`. - "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. + "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. }, ], "offset": "A String", # The row count of the start row. The first row is counted as row 0. When paging, the first request does not specify offset; or equivalently, sets offset to 0; the first request returns the first `limit` of rows. The second request sets offset to the `limit` of the first request; the second request returns the second `limit` of rows. To learn more about this pagination parameter, see [Pagination](https://developers.google.com/analytics/devguides/reporting/data/v1/basics#pagination). @@ -786,7 +786,7 @@

Method Details

"dimensionName": "A String", # Name of a dimension. The name must refer back to a name in dimensions field of the request. }, }, - "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. + "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. }, ], "metricFilter": { # To express dimension or metric filters. The fields in the same FilterExpression need to be either all dimensions or all metrics. # The filter clause of metrics. `metricFilter` should be the same value as in your `runReport` request @@ -837,7 +837,7 @@

Method Details

{ # The quantitative measurements of a report. For example, the metric `eventCount` is the total number of events. Requests are allowed up to 10 metrics. "expression": "A String", # A mathematical expression for derived metrics. For example, the metric Event count per user is `eventCount/totalUsers`. "invisible": True or False, # Indicates if a metric is invisible in the report response. If a metric is invisible, the metric will not produce a column in the response, but can be used in `metricFilter`, `orderBys`, or a metric `expression`. - "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. + "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. }, ], } @@ -1041,7 +1041,7 @@

Method Details

"dimensionName": "A String", # Name of a dimension. The name must refer back to a name in dimensions field of the request. }, }, - "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. + "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. }, ], "keepEmptyRows": True or False, # If false or unspecified, each row with all metrics equal to 0 will not be returned. If true, these rows will be returned if they are not separately removed by a filter. @@ -1093,7 +1093,7 @@

Method Details

{ # The quantitative measurements of a report. For example, the metric `eventCount` is the total number of events. Requests are allowed up to 10 metrics. "expression": "A String", # A mathematical expression for derived metrics. For example, the metric Event count per user is `eventCount/totalUsers`. "invisible": True or False, # Indicates if a metric is invisible in the report response. If a metric is invisible, the metric will not produce a column in the response, but can be used in `metricFilter`, `orderBys`, or a metric `expression`. - "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. + "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. }, ], "pivots": [ # Describes the visual format of the report's dimensions in columns or rows. The union of the fieldNames (dimension names) in all pivots must be a subset of dimension names defined in Dimensions. No two pivots can share a dimension. A dimension is only visible if it appears in a pivot. @@ -1307,7 +1307,7 @@

Method Details

"dimensionName": "A String", # Name of a dimension. The name must refer back to a name in dimensions field of the request. }, }, - "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. + "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. }, ], "limit": "A String", # The number of rows to return. If unspecified, 10,000 rows are returned. The API returns a maximum of 100,000 rows per request, no matter how many you ask for. `limit` must be positive. The API can also return fewer rows than the requested `limit`, if there aren't as many dimension values as the `limit`. For instance, there are fewer than 300 possible values for the dimension `country`, so when reporting on only `country`, you can't get more than 300 rows, even if you set `limit` to a higher value. @@ -1362,7 +1362,7 @@

Method Details

{ # The quantitative measurements of a report. For example, the metric `eventCount` is the total number of events. Requests are allowed up to 10 metrics. "expression": "A String", # A mathematical expression for derived metrics. For example, the metric Event count per user is `eventCount/totalUsers`. "invisible": True or False, # Indicates if a metric is invisible in the report response. If a metric is invisible, the metric will not produce a column in the response, but can be used in `metricFilter`, `orderBys`, or a metric `expression`. - "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. + "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. }, ], "minuteRanges": [ # The minute ranges of event data to read. If unspecified, one minute range for the last 30 minutes will be used. If multiple minute ranges are requested, each response row will contain a zero based minute range index. If two minute ranges overlap, the event data for the overlapping minutes is included in the response rows for both minute ranges. @@ -1598,7 +1598,7 @@

Method Details

"dimensionName": "A String", # Name of a dimension. The name must refer back to a name in dimensions field of the request. }, }, - "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. + "name": "A String", # The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`. }, ], "keepEmptyRows": True or False, # If false or unspecified, each row with all metrics equal to 0 will not be returned. If true, these rows will be returned if they are not separately removed by a filter. @@ -1654,7 +1654,7 @@

Method Details

{ # The quantitative measurements of a report. For example, the metric `eventCount` is the total number of events. Requests are allowed up to 10 metrics. "expression": "A String", # A mathematical expression for derived metrics. For example, the metric Event count per user is `eventCount/totalUsers`. "invisible": True or False, # Indicates if a metric is invisible in the report response. If a metric is invisible, the metric will not produce a column in the response, but can be used in `metricFilter`, `orderBys`, or a metric `expression`. - "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression "^[a-zA-Z0-9_]$". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. + "name": "A String", # The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`. }, ], "offset": "A String", # The row count of the start row. The first row is counted as row 0. When paging, the first request does not specify offset; or equivalently, sets offset to 0; the first request returns the first `limit` of rows. The second request sets offset to the `limit` of the first request; the second request returns the second `limit` of rows. To learn more about this pagination parameter, see [Pagination](https://developers.google.com/analytics/devguides/reporting/data/v1/basics#pagination). diff --git a/docs/dyn/authorizedbuyersmarketplace_v1.buyers.finalizedDeals.html b/docs/dyn/authorizedbuyersmarketplace_v1.buyers.finalizedDeals.html index 4895b9c6d24..31e4077857a 100644 --- a/docs/dyn/authorizedbuyersmarketplace_v1.buyers.finalizedDeals.html +++ b/docs/dyn/authorizedbuyersmarketplace_v1.buyers.finalizedDeals.html @@ -834,7 +834,7 @@

Method Details

The object takes the form of: { # Request message for pausing a finalized deal. - "reason": "A String", # The reason to pause the finalized deal, will be displayed to the seller. Maximum length is 1000 characters. + "reason": "A String", # Required. The reason to pause the finalized deal, will be displayed to the seller. Maximum length is 1000 characters. } x__xgafv: string, V1 error format. diff --git a/docs/dyn/bigtableadmin_v2.projects.instances.clusters.backups.html b/docs/dyn/bigtableadmin_v2.projects.instances.clusters.backups.html index 366af2e6a0a..05c2e8e04c8 100644 --- a/docs/dyn/bigtableadmin_v2.projects.instances.clusters.backups.html +++ b/docs/dyn/bigtableadmin_v2.projects.instances.clusters.backups.html @@ -251,7 +251,7 @@

Method Details

Returns: An object of the form: - { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -265,18 +265,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -420,7 +420,7 @@

Method Details

The object takes the form of: { # Request message for `SetIamPolicy` method. - "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. + "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -434,18 +434,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -462,7 +462,7 @@

Method Details

Returns: An object of the form: - { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -476,18 +476,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. diff --git a/docs/dyn/bigtableadmin_v2.projects.instances.clusters.html b/docs/dyn/bigtableadmin_v2.projects.instances.clusters.html index a5440eb8050..3257ff842da 100644 --- a/docs/dyn/bigtableadmin_v2.projects.instances.clusters.html +++ b/docs/dyn/bigtableadmin_v2.projects.instances.clusters.html @@ -119,6 +119,17 @@

Method Details

The object takes the form of: { # A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance. + "clusterConfig": { # Configuration for a cluster. # Configuration for this cluster. + "clusterAutoscalingConfig": { # Autoscaling config for a cluster. # Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled. + "autoscalingLimits": { # Limits for the number of nodes a Cluster can autoscale up/down to. # Required. Autoscaling limits for this cluster. + "maxServeNodes": 42, # Required. Maximum number of nodes to scale up to. + "minServeNodes": 42, # Required. Minimum number of nodes to scale down to. + }, + "autoscalingTargets": { # The Autoscaling targets for a Cluster. These determine the recommended nodes. # Required. Autoscaling targets for this cluster. + "cpuUtilizationPercent": 42, # The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization). + }, + }, + }, "defaultStorageType": "A String", # Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden. "encryptionConfig": { # Cloud Key Management Service (Cloud KMS) settings for a CMEK-protected cluster. # Immutable. The encryption configuration for CMEK-protected clusters. "kmsKeyName": "A String", # Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the `cloudkms.cryptoKeyEncrypterDecrypter` role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}` @@ -192,6 +203,17 @@

Method Details

An object of the form: { # A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance. + "clusterConfig": { # Configuration for a cluster. # Configuration for this cluster. + "clusterAutoscalingConfig": { # Autoscaling config for a cluster. # Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled. + "autoscalingLimits": { # Limits for the number of nodes a Cluster can autoscale up/down to. # Required. Autoscaling limits for this cluster. + "maxServeNodes": 42, # Required. Maximum number of nodes to scale up to. + "minServeNodes": 42, # Required. Minimum number of nodes to scale down to. + }, + "autoscalingTargets": { # The Autoscaling targets for a Cluster. These determine the recommended nodes. # Required. Autoscaling targets for this cluster. + "cpuUtilizationPercent": 42, # The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization). + }, + }, + }, "defaultStorageType": "A String", # Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden. "encryptionConfig": { # Cloud Key Management Service (Cloud KMS) settings for a CMEK-protected cluster. # Immutable. The encryption configuration for CMEK-protected clusters. "kmsKeyName": "A String", # Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the `cloudkms.cryptoKeyEncrypterDecrypter` role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}` @@ -221,6 +243,17 @@

Method Details

{ # Response message for BigtableInstanceAdmin.ListClusters. "clusters": [ # The list of requested clusters. { # A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance. + "clusterConfig": { # Configuration for a cluster. # Configuration for this cluster. + "clusterAutoscalingConfig": { # Autoscaling config for a cluster. # Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled. + "autoscalingLimits": { # Limits for the number of nodes a Cluster can autoscale up/down to. # Required. Autoscaling limits for this cluster. + "maxServeNodes": 42, # Required. Maximum number of nodes to scale up to. + "minServeNodes": 42, # Required. Minimum number of nodes to scale down to. + }, + "autoscalingTargets": { # The Autoscaling targets for a Cluster. These determine the recommended nodes. # Required. Autoscaling targets for this cluster. + "cpuUtilizationPercent": 42, # The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization). + }, + }, + }, "defaultStorageType": "A String", # Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden. "encryptionConfig": { # Cloud Key Management Service (Cloud KMS) settings for a CMEK-protected cluster. # Immutable. The encryption configuration for CMEK-protected clusters. "kmsKeyName": "A String", # Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the `cloudkms.cryptoKeyEncrypterDecrypter` role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}` @@ -262,6 +295,17 @@

Method Details

The object takes the form of: { # A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance. + "clusterConfig": { # Configuration for a cluster. # Configuration for this cluster. + "clusterAutoscalingConfig": { # Autoscaling config for a cluster. # Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled. + "autoscalingLimits": { # Limits for the number of nodes a Cluster can autoscale up/down to. # Required. Autoscaling limits for this cluster. + "maxServeNodes": 42, # Required. Maximum number of nodes to scale up to. + "minServeNodes": 42, # Required. Minimum number of nodes to scale down to. + }, + "autoscalingTargets": { # The Autoscaling targets for a Cluster. These determine the recommended nodes. # Required. Autoscaling targets for this cluster. + "cpuUtilizationPercent": 42, # The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization). + }, + }, + }, "defaultStorageType": "A String", # Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden. "encryptionConfig": { # Cloud Key Management Service (Cloud KMS) settings for a CMEK-protected cluster. # Immutable. The encryption configuration for CMEK-protected clusters. "kmsKeyName": "A String", # Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the `cloudkms.cryptoKeyEncrypterDecrypter` role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}` @@ -312,6 +356,17 @@

Method Details

The object takes the form of: { # A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance. + "clusterConfig": { # Configuration for a cluster. # Configuration for this cluster. + "clusterAutoscalingConfig": { # Autoscaling config for a cluster. # Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled. + "autoscalingLimits": { # Limits for the number of nodes a Cluster can autoscale up/down to. # Required. Autoscaling limits for this cluster. + "maxServeNodes": 42, # Required. Maximum number of nodes to scale up to. + "minServeNodes": 42, # Required. Minimum number of nodes to scale down to. + }, + "autoscalingTargets": { # The Autoscaling targets for a Cluster. These determine the recommended nodes. # Required. Autoscaling targets for this cluster. + "cpuUtilizationPercent": 42, # The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization). + }, + }, + }, "defaultStorageType": "A String", # Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden. "encryptionConfig": { # Cloud Key Management Service (Cloud KMS) settings for a CMEK-protected cluster. # Immutable. The encryption configuration for CMEK-protected clusters. "kmsKeyName": "A String", # Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the `cloudkms.cryptoKeyEncrypterDecrypter` role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}` diff --git a/docs/dyn/bigtableadmin_v2.projects.instances.html b/docs/dyn/bigtableadmin_v2.projects.instances.html index 2a15500cef9..eddd29d4595 100644 --- a/docs/dyn/bigtableadmin_v2.projects.instances.html +++ b/docs/dyn/bigtableadmin_v2.projects.instances.html @@ -140,6 +140,17 @@

Method Details

{ # Request message for BigtableInstanceAdmin.CreateInstance. "clusters": { # Required. The clusters to be created within the instance, mapped by desired cluster ID, e.g., just `mycluster` rather than `projects/myproject/instances/myinstance/clusters/mycluster`. Fields marked `OutputOnly` must be left blank. Currently, at most four clusters can be specified. "a_key": { # A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance. + "clusterConfig": { # Configuration for a cluster. # Configuration for this cluster. + "clusterAutoscalingConfig": { # Autoscaling config for a cluster. # Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled. + "autoscalingLimits": { # Limits for the number of nodes a Cluster can autoscale up/down to. # Required. Autoscaling limits for this cluster. + "maxServeNodes": 42, # Required. Maximum number of nodes to scale up to. + "minServeNodes": 42, # Required. Minimum number of nodes to scale down to. + }, + "autoscalingTargets": { # The Autoscaling targets for a Cluster. These determine the recommended nodes. # Required. Autoscaling targets for this cluster. + "cpuUtilizationPercent": 42, # The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization). + }, + }, + }, "defaultStorageType": "A String", # Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden. "encryptionConfig": { # Cloud Key Management Service (Cloud KMS) settings for a CMEK-protected cluster. # Immutable. The encryption configuration for CMEK-protected clusters. "kmsKeyName": "A String", # Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the `cloudkms.cryptoKeyEncrypterDecrypter` role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}` @@ -151,7 +162,7 @@

Method Details

}, }, "instance": { # A collection of Bigtable Tables and the resources that serve them. All tables in an instance are served from all Clusters in the instance. # Required. The instance to create. Fields marked `OutputOnly` must be left blank. - "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. + "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`. "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. Can be changed at any time, but should be kept globally unique to avoid confusion. "labels": { # Required. Labels are a flexible and lightweight mechanism for organizing cloud resources into groups that reflect a customer's organizational needs and deployment strategies. They can be used to filter resources and aggregate metrics. * Label keys must be between 1 and 63 characters long and must conform to the regular expression: `\p{Ll}\p{Lo}{0,62}`. * Label values must be between 0 and 63 characters long and must conform to the regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. * No more than 64 labels can be associated with a given resource. * Keys and values must both be under 128 bytes. "a_key": "A String", @@ -226,7 +237,7 @@

Method Details

An object of the form: { # A collection of Bigtable Tables and the resources that serve them. All tables in an instance are served from all Clusters in the instance. - "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. + "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`. "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. Can be changed at any time, but should be kept globally unique to avoid confusion. "labels": { # Required. Labels are a flexible and lightweight mechanism for organizing cloud resources into groups that reflect a customer's organizational needs and deployment strategies. They can be used to filter resources and aggregate metrics. * Label keys must be between 1 and 63 characters long and must conform to the regular expression: `\p{Ll}\p{Lo}{0,62}`. * Label values must be between 0 and 63 characters long and must conform to the regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. * No more than 64 labels can be associated with a given resource. * Keys and values must both be under 128 bytes. "a_key": "A String", @@ -260,7 +271,7 @@

Method Details

Returns: An object of the form: - { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -274,18 +285,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -314,7 +325,7 @@

Method Details

], "instances": [ # The list of requested instances. { # A collection of Bigtable Tables and the resources that serve them. All tables in an instance are served from all Clusters in the instance. - "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. + "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`. "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. Can be changed at any time, but should be kept globally unique to avoid confusion. "labels": { # Required. Labels are a flexible and lightweight mechanism for organizing cloud resources into groups that reflect a customer's organizational needs and deployment strategies. They can be used to filter resources and aggregate metrics. * Label keys must be between 1 and 63 characters long and must conform to the regular expression: `\p{Ll}\p{Lo}{0,62}`. * Label values must be between 0 and 63 characters long and must conform to the regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. * No more than 64 labels can be associated with a given resource. * Keys and values must both be under 128 bytes. "a_key": "A String", @@ -352,7 +363,7 @@

Method Details

The object takes the form of: { # A collection of Bigtable Tables and the resources that serve them. All tables in an instance are served from all Clusters in the instance. - "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. + "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`. "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. Can be changed at any time, but should be kept globally unique to avoid confusion. "labels": { # Required. Labels are a flexible and lightweight mechanism for organizing cloud resources into groups that reflect a customer's organizational needs and deployment strategies. They can be used to filter resources and aggregate metrics. * Label keys must be between 1 and 63 characters long and must conform to the regular expression: `\p{Ll}\p{Lo}{0,62}`. * Label values must be between 0 and 63 characters long and must conform to the regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. * No more than 64 labels can be associated with a given resource. * Keys and values must both be under 128 bytes. "a_key": "A String", @@ -402,7 +413,7 @@

Method Details

The object takes the form of: { # Request message for `SetIamPolicy` method. - "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. + "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -416,18 +427,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -444,7 +455,7 @@

Method Details

Returns: An object of the form: - { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -458,18 +469,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -517,7 +528,7 @@

Method Details

The object takes the form of: { # A collection of Bigtable Tables and the resources that serve them. All tables in an instance are served from all Clusters in the instance. - "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. + "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`. "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. Can be changed at any time, but should be kept globally unique to avoid confusion. "labels": { # Required. Labels are a flexible and lightweight mechanism for organizing cloud resources into groups that reflect a customer's organizational needs and deployment strategies. They can be used to filter resources and aggregate metrics. * Label keys must be between 1 and 63 characters long and must conform to the regular expression: `\p{Ll}\p{Lo}{0,62}`. * Label values must be between 0 and 63 characters long and must conform to the regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. * No more than 64 labels can be associated with a given resource. * Keys and values must both be under 128 bytes. "a_key": "A String", @@ -536,7 +547,7 @@

Method Details

An object of the form: { # A collection of Bigtable Tables and the resources that serve them. All tables in an instance are served from all Clusters in the instance. - "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. + "createTime": "A String", # Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`. "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. Can be changed at any time, but should be kept globally unique to avoid confusion. "labels": { # Required. Labels are a flexible and lightweight mechanism for organizing cloud resources into groups that reflect a customer's organizational needs and deployment strategies. They can be used to filter resources and aggregate metrics. * Label keys must be between 1 and 63 characters long and must conform to the regular expression: `\p{Ll}\p{Lo}{0,62}`. * Label values must be between 0 and 63 characters long and must conform to the regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. * No more than 64 labels can be associated with a given resource. * Keys and values must both be under 128 bytes. "a_key": "A String", diff --git a/docs/dyn/bigtableadmin_v2.projects.instances.tables.html b/docs/dyn/bigtableadmin_v2.projects.instances.tables.html index 4f53dc4794b..736e7b451ec 100644 --- a/docs/dyn/bigtableadmin_v2.projects.instances.tables.html +++ b/docs/dyn/bigtableadmin_v2.projects.instances.tables.html @@ -445,7 +445,7 @@

Method Details

Returns: An object of the form: - { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -459,18 +459,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -738,7 +738,7 @@

Method Details

The object takes the form of: { # Request message for `SetIamPolicy` method. - "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. + "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -752,18 +752,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. @@ -780,7 +780,7 @@

Method Details

Returns: An object of the form: - { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. @@ -794,18 +794,18 @@

Method Details

"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], - "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. - { # Associates `members` with a `role`. - "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. + { # Associates `members`, or principals, with a `role`. + "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, - "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. + "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. "A String", ], - "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. diff --git a/docs/dyn/binaryauthorization_v1.projects.attestors.html b/docs/dyn/binaryauthorization_v1.projects.attestors.html index 7d9115ecab1..052e54b4664 100644 --- a/docs/dyn/binaryauthorization_v1.projects.attestors.html +++ b/docs/dyn/binaryauthorization_v1.projects.attestors.html @@ -234,7 +234,7 @@

Method Details

Args: resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required) - options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). x__xgafv: string, V1 error format. Allowed values 1 - v1 error format diff --git a/docs/dyn/binaryauthorization_v1.projects.html b/docs/dyn/binaryauthorization_v1.projects.html index ed3b0cd1ec9..ff933487720 100644 --- a/docs/dyn/binaryauthorization_v1.projects.html +++ b/docs/dyn/binaryauthorization_v1.projects.html @@ -137,7 +137,7 @@

Method Details

}, "description": "A String", # Optional. A descriptive comment. "globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. - "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default + "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -146,7 +146,7 @@

Method Details

], }, }, - "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' + "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. `some-namespace` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -155,7 +155,7 @@

Method Details

], }, }, - "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. 'test-ns:default' + "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. `test-ns:default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -202,7 +202,7 @@

Method Details

}, "description": "A String", # Optional. A descriptive comment. "globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. - "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default + "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -211,7 +211,7 @@

Method Details

], }, }, - "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' + "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. `some-namespace` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -220,7 +220,7 @@

Method Details

], }, }, - "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. 'test-ns:default' + "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. `test-ns:default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -265,7 +265,7 @@

Method Details

}, "description": "A String", # Optional. A descriptive comment. "globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. - "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default + "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -274,7 +274,7 @@

Method Details

], }, }, - "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' + "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. `some-namespace` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -283,7 +283,7 @@

Method Details

], }, }, - "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. 'test-ns:default' + "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. `test-ns:default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. diff --git a/docs/dyn/binaryauthorization_v1.projects.policy.html b/docs/dyn/binaryauthorization_v1.projects.policy.html index d67e4b44653..ab704766470 100644 --- a/docs/dyn/binaryauthorization_v1.projects.policy.html +++ b/docs/dyn/binaryauthorization_v1.projects.policy.html @@ -98,7 +98,7 @@

Method Details

Args: resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required) - options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). x__xgafv: string, V1 error format. Allowed values 1 - v1 error format diff --git a/docs/dyn/binaryauthorization_v1.systempolicy.html b/docs/dyn/binaryauthorization_v1.systempolicy.html index 8ff80b41e46..da367b7a597 100644 --- a/docs/dyn/binaryauthorization_v1.systempolicy.html +++ b/docs/dyn/binaryauthorization_v1.systempolicy.html @@ -124,7 +124,7 @@

Method Details

}, "description": "A String", # Optional. A descriptive comment. "globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. - "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default + "istioServiceIdentityAdmissionRules": { # Optional. Per-istio-service-identity admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -133,7 +133,7 @@

Method Details

], }, }, - "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' + "kubernetesNamespaceAdmissionRules": { # Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. `some-namespace` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. @@ -142,7 +142,7 @@

Method Details

], }, }, - "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. 'test-ns:default' + "kubernetesServiceAccountAdmissionRules": { # Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. `test-ns:default` "a_key": { # An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. "enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule. "evaluationMode": "A String", # Required. How this admission rule will be evaluated. diff --git a/docs/dyn/calendar_v3.events.html b/docs/dyn/calendar_v3.events.html index b10c2bf30e0..aa4ace9f4d9 100644 --- a/docs/dyn/calendar_v3.events.html +++ b/docs/dyn/calendar_v3.events.html @@ -310,6 +310,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -575,6 +576,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -836,6 +838,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -1101,6 +1104,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -1371,6 +1375,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -1667,6 +1672,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -2008,6 +2014,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -2306,6 +2313,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -2572,6 +2580,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -2843,6 +2852,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -3118,6 +3128,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -3384,6 +3395,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. @@ -3655,6 +3667,7 @@

Method Details

"eventType": "default", # Specific type of the event. Read-only. Possible values are: # - "default" - A regular event or not further specified. # - "outOfOffice" - An out-of-office event. + # - "focusTime" - A focus-time event. "extendedProperties": { # Extended properties of the event. "private": { # Properties that are private to the copy of the event that appears on this calendar. "a_key": "A String", # The name of the private property and the corresponding value. diff --git a/docs/dyn/chromemanagement_v1.customers.html b/docs/dyn/chromemanagement_v1.customers.html index c32b79f57e9..274af6efb96 100644 --- a/docs/dyn/chromemanagement_v1.customers.html +++ b/docs/dyn/chromemanagement_v1.customers.html @@ -84,6 +84,11 @@

Instance Methods

Returns the reports Resource.

+

+ telemetry() +

+

Returns the telemetry Resource.

+

close()

Close httplib2 connections.

diff --git a/docs/dyn/chromemanagement_v1.customers.telemetry.devices.html b/docs/dyn/chromemanagement_v1.customers.telemetry.devices.html new file mode 100644 index 00000000000..75e3f96fe1e --- /dev/null +++ b/docs/dyn/chromemanagement_v1.customers.telemetry.devices.html @@ -0,0 +1,280 @@ + + + +

Chrome Management API . customers . telemetry . devices

+

Instance Methods

+

+ close()

+

Close httplib2 connections.

+

+ list(parent, filter=None, pageSize=None, pageToken=None, readMask=None, x__xgafv=None)

+

List all telemetry devices.

+

+ list_next(previous_request, previous_response)

+

Retrieves the next page of results.

+

Method Details

+
+ close() + 
Close httplib2 connections.
+
+ +
+ list(parent, filter=None, pageSize=None, pageToken=None, readMask=None, x__xgafv=None) + 
List all telemetry devices.
+
+Args:
+  parent: string, Required. Customer id or "my_customer" to use the customer associated to the account making the request. (required)
+  filter: string, Optional. Only include resources that match the filter. Supported filter fields: - org_unit_id - serial_number 
+  pageSize: integer, Maximum number of results to return. Maximum and default are 100.
+  pageToken: string, Token to specify next page in the list.
+  readMask: string, Required. Read mask to specify which fields to return.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    {
+  "devices": [ # Telemetry devices returned in the response.
+    { # Telemetry data collected from a managed device.
+      "batteryInfo": [ # Output only. Information on battery specs for the device.
+        { # Battery info
+          "designCapacity": "A String", # Output only. Design capacity (mAmpere-hours).
+          "designMinVoltage": 42, # Output only. Designed minimum output voltage (mV)
+          "manufactureDate": { # Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`. # Output only. The date the battery was manufactured.
+            "day": 42, # Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.
+            "month": 42, # Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.
+            "year": 42, # Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.
+          },
+          "manufacturer": "A String", # Output only. Battery manufacturer.
+          "serialNumber": "A String", # Output only. Battery serial number.
+          "technology": "A String", # Output only. Technology of the battery. Example: Li-ion
+        },
+      ],
+      "batteryStatusReport": [ # Output only. Battery reports collected periodically.
+        { # Status data for battery.
+          "batteryHealth": "A String", # Output only. Battery health.
+          "cycleCount": 42, # Output only. Cycle count.
+          "fullChargeCapacity": "A String", # Output only. Full charge capacity (mAmpere-hours).
+          "reportTime": "A String", # Output only. Timestamp of when the sample was collected on device
+          "sample": [ # Output only. Sampling data for the battery.
+            { # Sampling data for battery.
+              "chargeRate": 42, # Output only. Battery charge percentage.
+              "current": "A String", # Output only. Battery current (mA).
+              "dischargeRate": 42, # Output only. The battery discharge rate measured in mW. Positive if the battery is being discharged, negative if it's being charged.
+              "remainingCapacity": "A String", # Output only. Battery remaining capacity (mAmpere-hours).
+              "reportTime": "A String", # Output only. Timestamp of when the sample was collected on device
+              "status": "A String", # Output only. Battery status read from sysfs. Example: Discharging
+              "temperature": 42, # Output only. Temperature in Celsius degrees.
+              "voltage": "A String", # Output only. Battery voltage (millivolt).
+            },
+          ],
+          "serialNumber": "A String", # Output only. Battery serial number.
+        },
+      ],
+      "cpuInfo": [ # Output only. Information regarding CPU specs for the device.
+        { # CPU specs for a CPU.
+          "architecture": "A String", # Output only. The CPU architecture.
+          "maxClockSpeed": 42, # Output only. The max CPU clock speed in kHz.
+          "model": "A String", # Output only. The CPU model name. Example: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
+        },
+      ],
+      "cpuStatusReport": [ # Output only. CPU status reports collected periodically.
+        { # Contains samples of the cpu status reports.
+          "cpuTemperatureInfo": [ # Output only. CPU temperature sample info per CPU core in Celsius
+            { # CPU temperature of a device. Sampled per CPU core in Celsius
+              "label": "A String", # Output only. CPU label. Example: Core 0
+              "temperatureCelsius": 42, # Output only. CPU temperature in Celsius.
+            },
+          ],
+          "cpuUtilizationPct": 42, # Output only. Sample of CPU utilization (0-100 percent).
+          "reportTime": "A String", # Output only. The timestamp in milliseconds representing time at which this report was sampled.
+          "sampleFrequency": "A String", # Output only. Frequency the report is sampled.
+        },
+      ],
+      "customer": "A String", # Output only. Google Workspace Customer whose enterprise enrolled the device.
+      "deviceId": "A String", # Output only. The unique Directory API ID of the device. This value is the same as the Admin Console's Directory API ID in the Chrome OS Devices tab
+      "graphicsInfo": { # Information of the graphics subsystem. # Output only. Contains information regarding Graphic peripherals for the device.
+        "adapterInfo": { # Information of a graphics adapter (GPU). # Output only. Information about the graphics adapter (GPU).
+          "adapter": "A String", # Output only. Adapter name. Example: Mesa DRI Intel(R) UHD Graphics 620 (Kabylake GT2).
+          "deviceId": "A String", # Output only. Represents the graphics card device id.
+          "driverVersion": "A String", # Output only. Version of the GPU driver.
+        },
+      },
+      "graphicsStatusReport": [ # Output only. Graphics reports collected periodically.
+        { # Information of the graphics subsystem.
+          "displays": [ # Output only. Information about the displays for the device.
+            { # Information for a display.
+              "deviceId": "A String", # Output only. Represents the graphics card device id.
+              "isInternal": True or False, # Output only. Indicates if display is internal or not.
+              "refreshRate": 42, # Output only. Refresh rate in Hz.
+              "resolutionHeight": 42, # Output only. Resolution height in pixels.
+              "resolutionWidth": 42, # Output only. Resolution width in pixels.
+            },
+          ],
+          "reportTime": "A String", # Output only. Time at which the graphics data was reported.
+        },
+      ],
+      "memoryInfo": { # Memory information of a device. # Output only. Information regarding memory specs for the device.
+        "availableRamBytes": "A String", # Output only. Amount of available RAM in bytes.
+        "totalRamBytes": "A String", # Output only. Total RAM in bytes.
+      },
+      "memoryStatusReport": [ # Output only. Memory status reports collected periodically.
+        { # Contains samples of memory status reports.
+          "pageFaults": 42, # Output only. Number of page faults during this collection
+          "reportTime": "A String", # Output only. The timestamp in milliseconds representing time at which this report was sampled.
+          "sampleFrequency": "A String", # Output only. Frequency the report is sampled.
+          "systemRamFreeBytes": "A String", # Output only. Amount of free RAM in bytes (unreliable due to Garbage Collection).
+        },
+      ],
+      "name": "A String", # Output only. Resource name of the device.
+      "networkStatusReport": [ # Output only. Network specs collected periodically.
+        { # State of visible/configured networks.
+          "gatewayIpAddress": "A String", # Output only. Gateway IP address.
+          "lanIpAddress": "A String", # Output only. LAN IP address.
+          "reportTime": "A String", # Output only. Time at which the network state was reported.
+          "sampleFrequency": "A String", # Output only. Frequency the report is sampled.
+          "signalStrengthDbm": 42, # Output only. Signal strength for wireless networks measured in decibels.
+        },
+      ],
+      "orgUnitId": "A String", # Output only. Organization unit ID of the device.
+      "osUpdateStatus": [ # Output only. Contains relevant information regarding ChromeOS update status.
+        { # Contains information regarding the current OS update status.
+          "lastRebootTime": "A String", # Output only. Timestamp of the last reboot.
+          "lastUpdateCheckTime": "A String", # Output only. Timestamp of the last update check.
+          "lastUpdateTime": "A String", # Output only. Timestamp of the last successful update.
+          "newPlatformVersion": "A String", # Output only. New platform version of the os image being downloaded and applied. It is only set when update status is OS_IMAGE_DOWNLOAD_IN_PROGRESS or OS_UPDATE_NEED_REBOOT. Note this could be a dummy "0.0.0.0" for OS_UPDATE_NEED_REBOOT status for some edge cases, e.g. update engine is restarted without a reboot.
+          "newRequestedPlatformVersion": "A String", # Output only. New requested platform version from the pending updated kiosk app.
+          "updateState": "A String", # Output only. Current state of the os update.
+        },
+      ],
+      "serialNumber": "A String", # Output only. Device serial number. This value is the same as the Admin Console's Serial Number in the Chrome OS Devices tab.
+      "storageInfo": { # Status data for storage. # Output only. Information of storage specs for the device.
+        "availableDiskBytes": "A String", # The available space for user data storage in the device in bytes.
+        "totalDiskBytes": "A String", # The total space for user data storage in the device in bytes.
+        "volume": [ # Information for disk volumes
+          { # Information for disk volumes
+            "storageFreeBytes": "A String", # Free storage space in bytes.
+            "storageTotalBytes": "A String", # Total storage space in bytes.
+            "volumeId": "A String", # Disk volume id.
+          },
+        ],
+      },
+      "storageStatusReport": [ # Output only. Storage reports collected periodically.
+        { # Status data for storage.
+          "disk": [ # Output only. Reports on disk
+            { # Status of the single storage device.
+              "bytesReadThisSession": "A String", # Output only. Number of bytes read since last boot.
+              "bytesWrittenThisSession": "A String", # Output only. Number of bytes written since last boot.
+              "discardTimeThisSession": "A String", # Output only. Time spent discarding since last boot. Discarding is writing to clear blocks which are no longer in use. Supported on kernels 4.18+.
+              "health": "A String", # Output only. Disk health.
+              "ioTimeThisSession": "A String", # Output only. Counts the time the disk and queue were busy, so unlike the fields above, parallel requests are not counted multiple times.
+              "manufacturer": "A String", # Output only. Disk manufacturer.
+              "model": "A String", # Output only. Disk model.
+              "readTimeThisSession": "A String", # Output only. Time spent reading from disk since last boot.
+              "serialNumber": "A String", # Output only. Disk serial number.
+              "sizeBytes": "A String", # Output only. Disk size.
+              "type": "A String", # Output only. Disk type: eMMC / NVMe / ATA / SCSI.
+              "volumeIds": [ # Output only. Disk volumes.
+                "A String",
+              ],
+              "writeTimeThisSession": "A String", # Output only. Time spent writing to disk since last boot.
+            },
+          ],
+          "reportTime": "A String", # Output only. Timestamp of when the sample was collected on device
+        },
+      ],
+    },
+  ],
+  "nextPageToken": "A String", # Token to specify next page in the list.
+}
+
+ +
+ list_next(previous_request, previous_response) + 
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+
+
+ + \ No newline at end of file diff --git a/docs/dyn/chromemanagement_v1.customers.telemetry.html b/docs/dyn/chromemanagement_v1.customers.telemetry.html new file mode 100644 index 00000000000..6f3e10b8ae9 --- /dev/null +++ b/docs/dyn/chromemanagement_v1.customers.telemetry.html @@ -0,0 +1,91 @@ + + + +

Chrome Management API . customers . telemetry

+

Instance Methods

+

+ devices() +

+

Returns the devices Resource.

+ +

+ close()

+

Close httplib2 connections.

+

Method Details

+
+ close() + 
Close httplib2 connections.
+
+ + \ No newline at end of file diff --git a/docs/dyn/cloudasset_v1.html b/docs/dyn/cloudasset_v1.html index 50244355758..01bfccfcf5e 100644 --- a/docs/dyn/cloudasset_v1.html +++ b/docs/dyn/cloudasset_v1.html @@ -89,6 +89,11 @@

Instance Methods

Returns the operations Resource.

+

+ savedQueries() +

+

Returns the savedQueries Resource.

+

v1()

diff --git a/docs/dyn/cloudasset_v1.savedQueries.html b/docs/dyn/cloudasset_v1.savedQueries.html new file mode 100644 index 00000000000..f257756d308 --- /dev/null +++ b/docs/dyn/cloudasset_v1.savedQueries.html @@ -0,0 +1,464 @@ + + + +

Cloud Asset API . savedQueries

+

Instance Methods

+

+ close()

+

Close httplib2 connections.

+

+ create(parent, body=None, savedQueryId=None, x__xgafv=None)

+

Creates a saved query in a parent project/folder/organization.

+

+ delete(name, x__xgafv=None)

+

Deletes a saved query.

+

+ get(name, x__xgafv=None)

+

Gets details about a saved query.

+

+ list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)

+

Lists all saved queries in a parent project/folder/organization.

+

+ list_next(previous_request, previous_response)

+

Retrieves the next page of results.

+

+ patch(name, body=None, updateMask=None, x__xgafv=None)

+

Updates a saved query.

+

Method Details

+
+ close() + 
Close httplib2 connections.
+
+ +
+ create(parent, body=None, savedQueryId=None, x__xgafv=None) + 
Creates a saved query in a parent project/folder/organization.
+
+Args:
+  parent: string, Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id")", or a project number (such as "projects/12345"). (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A saved query which can be shared with others or used later.
+  "content": { # The query content. # The query content.
+    "iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
+      "accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
+        "permissions": [ # Optional. The permissions to appear in result.
+          "A String",
+        ],
+        "roles": [ # Optional. The roles to appear in result.
+          "A String",
+        ],
+      },
+      "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+        "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+      },
+      "identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
+        "identity": "A String", # Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
+      },
+      "options": { # Contains query options. # Optional. The query options.
+        "analyzeServiceAccountImpersonation": True or False, # Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
+        "expandGroups": True or False, # Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "expandResources": True or False, # Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
+        "expandRoles": True or False, # Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "outputGroupEdges": True or False, # Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
+        "outputResourceEdges": True or False, # Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
+      },
+      "resourceSelector": { # Specifies the resource to analyze for access policies, which may be set directly on the resource, or on ancestors such as organizations, folders or projects. # Optional. Specifies a resource for analysis.
+        "fullResourceName": "A String", # Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+      },
+      "scope": "A String", # Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+    },
+  },
+  "createTime": "A String", # Output only. The create time of this saved query.
+  "creator": "A String", # Output only. The account's email address who has created this saved query.
+  "description": "A String", # The description of this saved query. This value should be fewer than 255 characters.
+  "labels": { # Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
+    "a_key": "A String",
+  },
+  "lastUpdateTime": "A String", # Output only. The last update time of this saved query.
+  "lastUpdater": "A String", # Output only. The account's email address who has updated this saved query most recently.
+  "name": "A String", # The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
+}
+
+  savedQueryId: string, Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are /a-z-/. Notice that this field is required in the saved query creation, and the `name` field of the `saved_query` will be ignored.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A saved query which can be shared with others or used later.
+  "content": { # The query content. # The query content.
+    "iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
+      "accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
+        "permissions": [ # Optional. The permissions to appear in result.
+          "A String",
+        ],
+        "roles": [ # Optional. The roles to appear in result.
+          "A String",
+        ],
+      },
+      "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+        "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+      },
+      "identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
+        "identity": "A String", # Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
+      },
+      "options": { # Contains query options. # Optional. The query options.
+        "analyzeServiceAccountImpersonation": True or False, # Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
+        "expandGroups": True or False, # Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "expandResources": True or False, # Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
+        "expandRoles": True or False, # Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "outputGroupEdges": True or False, # Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
+        "outputResourceEdges": True or False, # Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
+      },
+      "resourceSelector": { # Specifies the resource to analyze for access policies, which may be set directly on the resource, or on ancestors such as organizations, folders or projects. # Optional. Specifies a resource for analysis.
+        "fullResourceName": "A String", # Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+      },
+      "scope": "A String", # Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+    },
+  },
+  "createTime": "A String", # Output only. The create time of this saved query.
+  "creator": "A String", # Output only. The account's email address who has created this saved query.
+  "description": "A String", # The description of this saved query. This value should be fewer than 255 characters.
+  "labels": { # Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
+    "a_key": "A String",
+  },
+  "lastUpdateTime": "A String", # Output only. The last update time of this saved query.
+  "lastUpdater": "A String", # Output only. The account's email address who has updated this saved query most recently.
+  "name": "A String", # The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
+}
+
+ +
+ delete(name, x__xgafv=None) + 
Deletes a saved query.
+
+Args:
+  name: string, Required. The name of the saved query to delete. It must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}
+
+ +
+ get(name, x__xgafv=None) + 
Gets details about a saved query.
+
+Args:
+  name: string, Required. The name of the saved query and it must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A saved query which can be shared with others or used later.
+  "content": { # The query content. # The query content.
+    "iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
+      "accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
+        "permissions": [ # Optional. The permissions to appear in result.
+          "A String",
+        ],
+        "roles": [ # Optional. The roles to appear in result.
+          "A String",
+        ],
+      },
+      "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+        "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+      },
+      "identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
+        "identity": "A String", # Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
+      },
+      "options": { # Contains query options. # Optional. The query options.
+        "analyzeServiceAccountImpersonation": True or False, # Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
+        "expandGroups": True or False, # Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "expandResources": True or False, # Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
+        "expandRoles": True or False, # Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "outputGroupEdges": True or False, # Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
+        "outputResourceEdges": True or False, # Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
+      },
+      "resourceSelector": { # Specifies the resource to analyze for access policies, which may be set directly on the resource, or on ancestors such as organizations, folders or projects. # Optional. Specifies a resource for analysis.
+        "fullResourceName": "A String", # Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+      },
+      "scope": "A String", # Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+    },
+  },
+  "createTime": "A String", # Output only. The create time of this saved query.
+  "creator": "A String", # Output only. The account's email address who has created this saved query.
+  "description": "A String", # The description of this saved query. This value should be fewer than 255 characters.
+  "labels": { # Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
+    "a_key": "A String",
+  },
+  "lastUpdateTime": "A String", # Output only. The last update time of this saved query.
+  "lastUpdater": "A String", # Output only. The account's email address who has updated this saved query most recently.
+  "name": "A String", # The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
+}
+
+ +
+ list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None) + 
Lists all saved queries in a parent project/folder/organization.
+
+Args:
+  parent: string, Required. The parent project/folder/organization whose savedQueries are to be listed. It can only be using project/folder/organization number (such as "folders/12345")", or a project ID (such as "projects/my-project-id"). (required)
+  filter: string, Optional. The expression to filter resources. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. When `AND` and `OR` are both used in the expression, parentheses must be appropriately used to group the combinations. The expression may also contain regular expressions. See https://google.aip.dev/160 for more information on the grammar.
+  pageSize: integer, Optional. The maximum number of saved queries to return per page. The service may return fewer than this value. If unspecified, at most 50 will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+  pageToken: string, Optional. A page token, received from a previous `ListSavedQueries` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListSavedQueries` must match the call that provided the page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Response of listing saved queries.
+  "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+  "savedQueries": [ # A list of savedQueries.
+    { # A saved query which can be shared with others or used later.
+      "content": { # The query content. # The query content.
+        "iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
+          "accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
+            "permissions": [ # Optional. The permissions to appear in result.
+              "A String",
+            ],
+            "roles": [ # Optional. The roles to appear in result.
+              "A String",
+            ],
+          },
+          "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+            "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+          },
+          "identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
+            "identity": "A String", # Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
+          },
+          "options": { # Contains query options. # Optional. The query options.
+            "analyzeServiceAccountImpersonation": True or False, # Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
+            "expandGroups": True or False, # Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+            "expandResources": True or False, # Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
+            "expandRoles": True or False, # Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+            "outputGroupEdges": True or False, # Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
+            "outputResourceEdges": True or False, # Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
+          },
+          "resourceSelector": { # Specifies the resource to analyze for access policies, which may be set directly on the resource, or on ancestors such as organizations, folders or projects. # Optional. Specifies a resource for analysis.
+            "fullResourceName": "A String", # Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+          },
+          "scope": "A String", # Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+        },
+      },
+      "createTime": "A String", # Output only. The create time of this saved query.
+      "creator": "A String", # Output only. The account's email address who has created this saved query.
+      "description": "A String", # The description of this saved query. This value should be fewer than 255 characters.
+      "labels": { # Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
+        "a_key": "A String",
+      },
+      "lastUpdateTime": "A String", # Output only. The last update time of this saved query.
+      "lastUpdater": "A String", # Output only. The account's email address who has updated this saved query most recently.
+      "name": "A String", # The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
+    },
+  ],
+}
+
+ +
+ list_next(previous_request, previous_response) + 
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+
+
+ +
+ patch(name, body=None, updateMask=None, x__xgafv=None) + 
Updates a saved query.
+
+Args:
+  name: string, The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A saved query which can be shared with others or used later.
+  "content": { # The query content. # The query content.
+    "iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
+      "accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
+        "permissions": [ # Optional. The permissions to appear in result.
+          "A String",
+        ],
+        "roles": [ # Optional. The roles to appear in result.
+          "A String",
+        ],
+      },
+      "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+        "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+      },
+      "identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
+        "identity": "A String", # Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
+      },
+      "options": { # Contains query options. # Optional. The query options.
+        "analyzeServiceAccountImpersonation": True or False, # Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
+        "expandGroups": True or False, # Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "expandResources": True or False, # Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
+        "expandRoles": True or False, # Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "outputGroupEdges": True or False, # Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
+        "outputResourceEdges": True or False, # Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
+      },
+      "resourceSelector": { # Specifies the resource to analyze for access policies, which may be set directly on the resource, or on ancestors such as organizations, folders or projects. # Optional. Specifies a resource for analysis.
+        "fullResourceName": "A String", # Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+      },
+      "scope": "A String", # Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+    },
+  },
+  "createTime": "A String", # Output only. The create time of this saved query.
+  "creator": "A String", # Output only. The account's email address who has created this saved query.
+  "description": "A String", # The description of this saved query. This value should be fewer than 255 characters.
+  "labels": { # Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
+    "a_key": "A String",
+  },
+  "lastUpdateTime": "A String", # Output only. The last update time of this saved query.
+  "lastUpdater": "A String", # Output only. The account's email address who has updated this saved query most recently.
+  "name": "A String", # The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
+}
+
+  updateMask: string, Required. The list of fields to update.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A saved query which can be shared with others or used later.
+  "content": { # The query content. # The query content.
+    "iamPolicyAnalysisQuery": { # ## IAM policy analysis query message. # An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc.
+      "accessSelector": { # Specifies roles and/or permissions to analyze, to determine both the identities possessing them and the resources they control. If multiple values are specified, results will include roles or permissions matching any of them. The total number of roles and permissions should be equal or less than 10. # Optional. Specifies roles or permissions for analysis. This is optional.
+        "permissions": [ # Optional. The permissions to appear in result.
+          "A String",
+        ],
+        "roles": [ # Optional. The roles to appear in result.
+          "A String",
+        ],
+      },
+      "conditionContext": { # The IAM conditions context. # Optional. The hypothetical context for IAM conditions evaluation.
+        "accessTime": "A String", # The hypothetical access timestamp to evaluate IAM conditions. Note that this value must not be earlier than the current time; otherwise, an INVALID_ARGUMENT error will be returned.
+      },
+      "identitySelector": { # Specifies an identity for which to determine resource access, based on roles assigned either directly to them or to the groups they belong to, directly or indirectly. # Optional. Specifies an identity for analysis.
+        "identity": "A String", # Required. The identity appear in the form of principals in [IAM policy binding](https://cloud.google.com/iam/reference/rest/v1/Binding). The examples of supported forms are: "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com". Notice that wildcard characters (such as * and ?) are not supported. You must give a specific identity.
+      },
+      "options": { # Contains query options. # Optional. The query options.
+        "analyzeServiceAccountImpersonation": True or False, # Optional. If true, the response will include access analysis from identities to resources via service account impersonation. This is a very expensive operation, because many derived queries will be executed. We highly recommend you use AssetService.AnalyzeIamPolicyLongrunning rpc instead. For example, if the request analyzes for which resources user A has permission P, and there's an IAM policy states user A has iam.serviceAccounts.getAccessToken permission to a service account SA, and there's another IAM policy states service account SA has permission P to a GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Another example, if the request analyzes for who has permission P to a GCP folder F, and there's an IAM policy states user A has iam.serviceAccounts.actAs permission to a service account SA, and there's another IAM policy states service account SA has permission P to the GCP folder F, then user A potentially has access to the GCP folder F. And those advanced analysis results will be included in AnalyzeIamPolicyResponse.service_account_impersonation_analysis. Default is false.
+        "expandGroups": True or False, # Optional. If true, the identities section of the result will expand any Google groups appearing in an IAM policy binding. If IamPolicyAnalysisQuery.identity_selector is specified, the identity in the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "expandResources": True or False, # Optional. If true and IamPolicyAnalysisQuery.resource_selector is not specified, the resource section of the result will expand any resource attached to an IAM policy to include resources lower in the resource hierarchy. For example, if the request analyzes for which resources user A has permission P, and the results include an IAM policy with P on a GCP folder, the results will also include resources in that folder with permission P. If true and IamPolicyAnalysisQuery.resource_selector is specified, the resource section of the result will expand the specified resource to include resources lower in the resource hierarchy. Only project or lower resources are supported. Folder and organization resource cannot be used together with this option. For example, if the request analyzes for which users have permission P on a GCP project with this option enabled, the results will include all users who have permission P on that project or any lower resource. Default is false.
+        "expandRoles": True or False, # Optional. If true, the access section of result will expand any roles appearing in IAM policy bindings to include their permissions. If IamPolicyAnalysisQuery.access_selector is specified, the access section of the result will be determined by the selector, and this flag is not allowed to set. Default is false.
+        "outputGroupEdges": True or False, # Optional. If true, the result will output the relevant membership relationships between groups and other groups, and between groups and principals. Default is false.
+        "outputResourceEdges": True or False, # Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
+      },
+      "resourceSelector": { # Specifies the resource to analyze for access policies, which may be set directly on the resource, or on ancestors such as organizations, folders or projects. # Optional. Specifies a resource for analysis.
+        "fullResourceName": "A String", # Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
+      },
+      "scope": "A String", # Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as "organizations/123"), a folder number (such as "folders/123"), a project ID (such as "projects/my-project-id"), or a project number (such as "projects/12345"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).
+    },
+  },
+  "createTime": "A String", # Output only. The create time of this saved query.
+  "creator": "A String", # Output only. The account's email address who has created this saved query.
+  "description": "A String", # The description of this saved query. This value should be fewer than 255 characters.
+  "labels": { # Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.
+    "a_key": "A String",
+  },
+  "lastUpdateTime": "A String", # Output only. The last update time of this saved query.
+  "lastUpdater": "A String", # Output only. The account's email address who has updated this saved query most recently.
+  "name": "A String", # The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id
+}
+
+ + \ No newline at end of file diff --git a/docs/dyn/cloudasset_v1.v1.html b/docs/dyn/cloudasset_v1.v1.html index 472a4213313..4d5191f15e9 100644 --- a/docs/dyn/cloudasset_v1.v1.html +++ b/docs/dyn/cloudasset_v1.v1.html @@ -75,7 +75,7 @@

Cloud Asset API . v1

Instance Methods

- analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_conditionContext_accessTime=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, x__xgafv=None)

+ analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_conditionContext_accessTime=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, savedAnalysisQuery=None, x__xgafv=None)

Analyzes IAM policies to answer which identities have what accesses on which resources.

analyzeIamPolicyLongrunning(scope, body=None, x__xgafv=None)

@@ -106,7 +106,7 @@

Instance Methods

Retrieves the next page of results.

Method Details

- analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_conditionContext_accessTime=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, x__xgafv=None) + analyzeIamPolicy(scope, analysisQuery_accessSelector_permissions=None, analysisQuery_accessSelector_roles=None, analysisQuery_conditionContext_accessTime=None, analysisQuery_identitySelector_identity=None, analysisQuery_options_analyzeServiceAccountImpersonation=None, analysisQuery_options_expandGroups=None, analysisQuery_options_expandResources=None, analysisQuery_options_expandRoles=None, analysisQuery_options_outputGroupEdges=None, analysisQuery_options_outputResourceEdges=None, analysisQuery_resourceSelector_fullResourceName=None, executionTimeout=None, savedAnalysisQuery=None, x__xgafv=None) 
Analyzes IAM policies to answer which identities have what accesses on which resources.
 
 Args:
@@ -123,6 +123,7 @@ 
Method Details

   analysisQuery_options_outputResourceEdges: boolean, Optional. If true, the result will output the relevant parent/child relationships between resources. Default is false.
   analysisQuery_resourceSelector_fullResourceName: string, Required. The [full resource name] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of a resource of [supported resource types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).
   executionTimeout: string, Optional. Amount of time executable has to complete. See JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json). If this field is set with a value less than the RPC deadline, and the execution of your query hasn't finished in the specified execution timeout, you will get a response with partial result. Otherwise, your query's execution will continue until the RPC deadline. If it's not finished until then, you will get a DEADLINE_EXCEEDED error. Default is empty.
+  savedAnalysisQuery: string, Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -395,6 +396,7 @@ 
Method Details

       "uri": "A String", # Required. The uri of the Cloud Storage object. It's the same uri that is used by gsutil. Example: "gs://bucket_name/object_name". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information. If the specified Cloud Storage object already exists and there is no [hold](https://cloud.google.com/storage/docs/object-holds), it will be overwritten with the analysis result.
     },
   },
+  "savedAnalysisQuery": "A String", # Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.
 }
 
   x__xgafv: string, V1 error format.
diff --git a/docs/dyn/cloudfunctions_v1.projects.locations.functions.html b/docs/dyn/cloudfunctions_v1.projects.locations.functions.html
index b629d95f468..ba6de2da522 100644
--- a/docs/dyn/cloudfunctions_v1.projects.locations.functions.html
+++ b/docs/dyn/cloudfunctions_v1.projects.locations.functions.html
@@ -165,6 +165,7 @@ 
Method Details

   "buildName": "A String", # Output only. The Cloud Build Name of the function deployment. `projects//locations//builds/`.
   "buildWorkerPool": "A String", # Name of the Cloud Build Custom Worker Pool that should be used to build the function. The format of this field is `projects/{project}/locations/{region}/workerPools/{workerPool}` where `{project}` and `{region}` are the project id and region respectively where the worker pool is defined and `{workerPool}` is the short name of the worker pool. If the project id is not the same as the function, then the Cloud Functions Service Agent (`service-@gcf-admin-robot.iam.gserviceaccount.com`) must be granted the role Cloud Build Custom Workers Builder (`roles/cloudbuild.customworkers.builder`) in the project.
   "description": "A String", # User-provided description of a function.
+  "dockerRepository": "A String", # User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. If unspecified and the deployment is eligible to use Artifact Registry, GCF will create and use a repository named 'gcf-artifacts' for every deployed region. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`. Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'.
   "entryPoint": "A String", # The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`.
   "environmentVariables": { # Environment variables that shall be available during function execution.
     "a_key": "A String",
@@ -183,6 +184,7 @@ 
Method Details

     "url": "A String", # Output only. The deployed url for the function.
   },
   "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach it.
+  "kmsKeyName": "A String", # Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. If specified, you must also provide an artifact registry repository using the `docker_repository` field that was created with the same KMS crypto key. The following service accounts need to be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). 1. Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) - Required to protect the function's image. 2. Google Storage service account (service-{project_number}@gs-project-accounts.iam.gserviceaccount.com) - Required to protect the function's source code. If this service account does not exist, deploying a function without a KMS key or retrieving the service agent name provisions it. For more information, see https://cloud.google.com/storage/docs/projects#service-agents and https://cloud.google.com/storage/docs/getting-service-agent#gsutil. Google Cloud Functions delegates access to service agents to protect function resources in internal projects that are not accessible by the end user.
   "labels": { # Labels associated with this Cloud Function.
     "a_key": "A String",
   },
@@ -366,6 +368,7 @@ 
Method Details

   "buildName": "A String", # Output only. The Cloud Build Name of the function deployment. `projects//locations//builds/`.
   "buildWorkerPool": "A String", # Name of the Cloud Build Custom Worker Pool that should be used to build the function. The format of this field is `projects/{project}/locations/{region}/workerPools/{workerPool}` where `{project}` and `{region}` are the project id and region respectively where the worker pool is defined and `{workerPool}` is the short name of the worker pool. If the project id is not the same as the function, then the Cloud Functions Service Agent (`service-@gcf-admin-robot.iam.gserviceaccount.com`) must be granted the role Cloud Build Custom Workers Builder (`roles/cloudbuild.customworkers.builder`) in the project.
   "description": "A String", # User-provided description of a function.
+  "dockerRepository": "A String", # User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. If unspecified and the deployment is eligible to use Artifact Registry, GCF will create and use a repository named 'gcf-artifacts' for every deployed region. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`. Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'.
   "entryPoint": "A String", # The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`.
   "environmentVariables": { # Environment variables that shall be available during function execution.
     "a_key": "A String",
@@ -384,6 +387,7 @@ 
Method Details

     "url": "A String", # Output only. The deployed url for the function.
   },
   "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach it.
+  "kmsKeyName": "A String", # Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. If specified, you must also provide an artifact registry repository using the `docker_repository` field that was created with the same KMS crypto key. The following service accounts need to be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). 1. Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) - Required to protect the function's image. 2. Google Storage service account (service-{project_number}@gs-project-accounts.iam.gserviceaccount.com) - Required to protect the function's source code. If this service account does not exist, deploying a function without a KMS key or retrieving the service agent name provisions it. For more information, see https://cloud.google.com/storage/docs/projects#service-agents and https://cloud.google.com/storage/docs/getting-service-agent#gsutil. Google Cloud Functions delegates access to service agents to protect function resources in internal projects that are not accessible by the end user.
   "labels": { # Labels associated with this Cloud Function.
     "a_key": "A String",
   },
@@ -436,7 +440,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -505,6 +509,7 @@ 
Method Details

       "buildName": "A String", # Output only. The Cloud Build Name of the function deployment. `projects//locations//builds/`.
       "buildWorkerPool": "A String", # Name of the Cloud Build Custom Worker Pool that should be used to build the function. The format of this field is `projects/{project}/locations/{region}/workerPools/{workerPool}` where `{project}` and `{region}` are the project id and region respectively where the worker pool is defined and `{workerPool}` is the short name of the worker pool. If the project id is not the same as the function, then the Cloud Functions Service Agent (`service-@gcf-admin-robot.iam.gserviceaccount.com`) must be granted the role Cloud Build Custom Workers Builder (`roles/cloudbuild.customworkers.builder`) in the project.
       "description": "A String", # User-provided description of a function.
+      "dockerRepository": "A String", # User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. If unspecified and the deployment is eligible to use Artifact Registry, GCF will create and use a repository named 'gcf-artifacts' for every deployed region. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`. Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'.
       "entryPoint": "A String", # The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`.
       "environmentVariables": { # Environment variables that shall be available during function execution.
         "a_key": "A String",
@@ -523,6 +528,7 @@ 
Method Details

         "url": "A String", # Output only. The deployed url for the function.
       },
       "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach it.
+      "kmsKeyName": "A String", # Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. If specified, you must also provide an artifact registry repository using the `docker_repository` field that was created with the same KMS crypto key. The following service accounts need to be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). 1. Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) - Required to protect the function's image. 2. Google Storage service account (service-{project_number}@gs-project-accounts.iam.gserviceaccount.com) - Required to protect the function's source code. If this service account does not exist, deploying a function without a KMS key or retrieving the service agent name provisions it. For more information, see https://cloud.google.com/storage/docs/projects#service-agents and https://cloud.google.com/storage/docs/getting-service-agent#gsutil. Google Cloud Functions delegates access to service agents to protect function resources in internal projects that are not accessible by the end user.
       "labels": { # Labels associated with this Cloud Function.
         "a_key": "A String",
       },
@@ -607,6 +613,7 @@ 
Method Details

   "buildName": "A String", # Output only. The Cloud Build Name of the function deployment. `projects//locations//builds/`.
   "buildWorkerPool": "A String", # Name of the Cloud Build Custom Worker Pool that should be used to build the function. The format of this field is `projects/{project}/locations/{region}/workerPools/{workerPool}` where `{project}` and `{region}` are the project id and region respectively where the worker pool is defined and `{workerPool}` is the short name of the worker pool. If the project id is not the same as the function, then the Cloud Functions Service Agent (`service-@gcf-admin-robot.iam.gserviceaccount.com`) must be granted the role Cloud Build Custom Workers Builder (`roles/cloudbuild.customworkers.builder`) in the project.
   "description": "A String", # User-provided description of a function.
+  "dockerRepository": "A String", # User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. If unspecified and the deployment is eligible to use Artifact Registry, GCF will create and use a repository named 'gcf-artifacts' for every deployed region. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`. Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'.
   "entryPoint": "A String", # The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`.
   "environmentVariables": { # Environment variables that shall be available during function execution.
     "a_key": "A String",
@@ -625,6 +632,7 @@ 
Method Details

     "url": "A String", # Output only. The deployed url for the function.
   },
   "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach it.
+  "kmsKeyName": "A String", # Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. If specified, you must also provide an artifact registry repository using the `docker_repository` field that was created with the same KMS crypto key. The following service accounts need to be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). 1. Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) - Required to protect the function's image. 2. Google Storage service account (service-{project_number}@gs-project-accounts.iam.gserviceaccount.com) - Required to protect the function's source code. If this service account does not exist, deploying a function without a KMS key or retrieving the service agent name provisions it. For more information, see https://cloud.google.com/storage/docs/projects#service-agents and https://cloud.google.com/storage/docs/getting-service-agent#gsutil. Google Cloud Functions delegates access to service agents to protect function resources in internal projects that are not accessible by the end user.
   "labels": { # Labels associated with this Cloud Function.
     "a_key": "A String",
   },
diff --git a/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html b/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html
index 2516ecf2408..cf496713fc9 100644
--- a/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html
+++ b/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html
@@ -375,7 +375,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/cloudkms_v1.projects.locations.keyRings.html b/docs/dyn/cloudkms_v1.projects.locations.keyRings.html
index f0d4a464d88..845c3680f8f 100644
--- a/docs/dyn/cloudkms_v1.projects.locations.keyRings.html
+++ b/docs/dyn/cloudkms_v1.projects.locations.keyRings.html
@@ -169,7 +169,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/cloudkms_v1.projects.locations.keyRings.importJobs.html b/docs/dyn/cloudkms_v1.projects.locations.keyRings.importJobs.html
index 394a0da6c49..2dd53acce60 100644
--- a/docs/dyn/cloudkms_v1.projects.locations.keyRings.importJobs.html
+++ b/docs/dyn/cloudkms_v1.projects.locations.keyRings.importJobs.html
@@ -231,7 +231,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/cloudresourcemanager_v1.organizations.html b/docs/dyn/cloudresourcemanager_v1.organizations.html
index 92d3a64fa13..7e8f68727df 100644
--- a/docs/dyn/cloudresourcemanager_v1.organizations.html
+++ b/docs/dyn/cloudresourcemanager_v1.organizations.html
@@ -232,7 +232,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v1.projects.html b/docs/dyn/cloudresourcemanager_v1.projects.html
index fc2518ce350..277a2cc0a57 100644
--- a/docs/dyn/cloudresourcemanager_v1.projects.html
+++ b/docs/dyn/cloudresourcemanager_v1.projects.html
@@ -354,7 +354,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v1beta1.organizations.html b/docs/dyn/cloudresourcemanager_v1beta1.organizations.html
index c55abba6786..bae9bc5dff1 100644
--- a/docs/dyn/cloudresourcemanager_v1beta1.organizations.html
+++ b/docs/dyn/cloudresourcemanager_v1beta1.organizations.html
@@ -142,7 +142,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v1beta1.projects.html b/docs/dyn/cloudresourcemanager_v1beta1.projects.html
index bbfd78a975c..e39fc799f05 100644
--- a/docs/dyn/cloudresourcemanager_v1beta1.projects.html
+++ b/docs/dyn/cloudresourcemanager_v1beta1.projects.html
@@ -255,7 +255,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v2.folders.html b/docs/dyn/cloudresourcemanager_v2.folders.html
index a8e57512f94..d34b91c2078 100644
--- a/docs/dyn/cloudresourcemanager_v2.folders.html
+++ b/docs/dyn/cloudresourcemanager_v2.folders.html
@@ -225,7 +225,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v2beta1.folders.html b/docs/dyn/cloudresourcemanager_v2beta1.folders.html
index 3a5a4845599..643f900a53a 100644
--- a/docs/dyn/cloudresourcemanager_v2beta1.folders.html
+++ b/docs/dyn/cloudresourcemanager_v2beta1.folders.html
@@ -225,7 +225,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v3.folders.html b/docs/dyn/cloudresourcemanager_v3.folders.html
index 80d7664f190..5c1bee6c54c 100644
--- a/docs/dyn/cloudresourcemanager_v3.folders.html
+++ b/docs/dyn/cloudresourcemanager_v3.folders.html
@@ -242,7 +242,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v3.organizations.html b/docs/dyn/cloudresourcemanager_v3.organizations.html
index 2a450273da6..5ece80d52c2 100644
--- a/docs/dyn/cloudresourcemanager_v3.organizations.html
+++ b/docs/dyn/cloudresourcemanager_v3.organizations.html
@@ -138,7 +138,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v3.projects.html b/docs/dyn/cloudresourcemanager_v3.projects.html
index 715f286b499..4e79297cf91 100644
--- a/docs/dyn/cloudresourcemanager_v3.projects.html
+++ b/docs/dyn/cloudresourcemanager_v3.projects.html
@@ -250,7 +250,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v3.tagKeys.html b/docs/dyn/cloudresourcemanager_v3.tagKeys.html
index ba0b9d27e96..6c2abd065df 100644
--- a/docs/dyn/cloudresourcemanager_v3.tagKeys.html
+++ b/docs/dyn/cloudresourcemanager_v3.tagKeys.html
@@ -233,7 +233,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/cloudresourcemanager_v3.tagValues.html b/docs/dyn/cloudresourcemanager_v3.tagValues.html
index cff3826e971..3abf842b901 100644
--- a/docs/dyn/cloudresourcemanager_v3.tagValues.html
+++ b/docs/dyn/cloudresourcemanager_v3.tagValues.html
@@ -233,7 +233,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/compute_alpha.addresses.html b/docs/dyn/compute_alpha.addresses.html
index de74b3e62c5..808846991b1 100644
--- a/docs/dyn/compute_alpha.addresses.html
+++ b/docs/dyn/compute_alpha.addresses.html
@@ -243,9 +243,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -384,9 +381,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -542,9 +536,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.autoscalers.html b/docs/dyn/compute_alpha.autoscalers.html
index d501f10862e..9772d989312 100644
--- a/docs/dyn/compute_alpha.autoscalers.html
+++ b/docs/dyn/compute_alpha.autoscalers.html
@@ -295,9 +295,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -534,9 +531,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -810,9 +804,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -989,9 +980,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.backendBuckets.html b/docs/dyn/compute_alpha.backendBuckets.html
index 0a14bcae703..70f66241329 100644
--- a/docs/dyn/compute_alpha.backendBuckets.html
+++ b/docs/dyn/compute_alpha.backendBuckets.html
@@ -160,9 +160,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -232,9 +229,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -300,9 +294,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -364,7 +355,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -527,7 +518,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -587,9 +578,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -658,7 +646,7 @@ 
Method Details

           ],
         },
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -747,7 +735,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -807,9 +795,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -881,9 +866,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1182,7 +1164,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1242,9 +1224,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.backendServices.html b/docs/dyn/compute_alpha.backendServices.html
index 68309e49361..27690279c3d 100644
--- a/docs/dyn/compute_alpha.backendServices.html
+++ b/docs/dyn/compute_alpha.backendServices.html
@@ -172,9 +172,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -271,7 +268,7 @@ 
Method Details

               ],
             },
             "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-            "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+            "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
             "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
             "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
             "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -709,9 +706,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -777,9 +771,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -866,7 +857,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1420,7 +1411,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1801,9 +1792,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1897,7 +1885,7 @@ 
Method Details

           ],
         },
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -2332,7 +2320,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -2713,9 +2701,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2787,9 +2772,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3072,9 +3054,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3187,7 +3166,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -3568,9 +3547,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.disks.html b/docs/dyn/compute_alpha.disks.html
index aa842b0dd2e..3d540866b42 100644
--- a/docs/dyn/compute_alpha.disks.html
+++ b/docs/dyn/compute_alpha.disks.html
@@ -171,9 +171,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -461,9 +458,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -529,9 +523,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -890,9 +881,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1104,9 +1092,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1179,9 +1164,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1469,9 +1451,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1658,9 +1637,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.externalVpnGateways.html b/docs/dyn/compute_alpha.externalVpnGateways.html
index c21c7b769dd..c3f95486bf5 100644
--- a/docs/dyn/compute_alpha.externalVpnGateways.html
+++ b/docs/dyn/compute_alpha.externalVpnGateways.html
@@ -139,9 +139,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -264,9 +261,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -413,9 +407,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.firewallPolicies.html b/docs/dyn/compute_alpha.firewallPolicies.html
index 2e713445826..cb13775e128 100644
--- a/docs/dyn/compute_alpha.firewallPolicies.html
+++ b/docs/dyn/compute_alpha.firewallPolicies.html
@@ -181,9 +181,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -301,9 +298,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -368,9 +362,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -439,9 +430,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -871,9 +859,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1094,9 +1079,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1240,9 +1222,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1361,9 +1340,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1428,9 +1404,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1495,9 +1468,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.firewalls.html b/docs/dyn/compute_alpha.firewalls.html
index 4feeead69d5..637b6fe29a1 100644
--- a/docs/dyn/compute_alpha.firewalls.html
+++ b/docs/dyn/compute_alpha.firewalls.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -220,7 +217,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -283,7 +280,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -333,9 +330,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -418,7 +412,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -511,7 +505,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -561,9 +555,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -665,7 +656,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -715,9 +706,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.forwardingRules.html b/docs/dyn/compute_alpha.forwardingRules.html
index 302b55c1dc7..907f2b3eef1 100644
--- a/docs/dyn/compute_alpha.forwardingRules.html
+++ b/docs/dyn/compute_alpha.forwardingRules.html
@@ -279,9 +279,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -480,9 +477,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -718,9 +712,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -796,9 +787,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -871,9 +859,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.futureReservations.html b/docs/dyn/compute_alpha.futureReservations.html
index c1f259f881e..d27208f9819 100644
--- a/docs/dyn/compute_alpha.futureReservations.html
+++ b/docs/dyn/compute_alpha.futureReservations.html
@@ -278,9 +278,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -351,9 +348,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -570,9 +564,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -832,9 +823,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.globalAddresses.html b/docs/dyn/compute_alpha.globalAddresses.html
index 49a42619906..bd74866ccb0 100644
--- a/docs/dyn/compute_alpha.globalAddresses.html
+++ b/docs/dyn/compute_alpha.globalAddresses.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -301,9 +298,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -456,9 +450,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.globalForwardingRules.html b/docs/dyn/compute_alpha.globalForwardingRules.html
index 8ae1769a3e7..f9dcb66d7ba 100644
--- a/docs/dyn/compute_alpha.globalForwardingRules.html
+++ b/docs/dyn/compute_alpha.globalForwardingRules.html
@@ -145,9 +145,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -344,9 +341,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -580,9 +574,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -656,9 +647,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -730,9 +718,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.globalNetworkEndpointGroups.html b/docs/dyn/compute_alpha.globalNetworkEndpointGroups.html
index ed32453f279..863d2abc84b 100644
--- a/docs/dyn/compute_alpha.globalNetworkEndpointGroups.html
+++ b/docs/dyn/compute_alpha.globalNetworkEndpointGroups.html
@@ -157,9 +157,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -229,9 +226,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -313,9 +307,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -494,9 +485,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.globalOperations.html b/docs/dyn/compute_alpha.globalOperations.html
index 3814e714160..5c90b32c5df 100644
--- a/docs/dyn/compute_alpha.globalOperations.html
+++ b/docs/dyn/compute_alpha.globalOperations.html
@@ -143,9 +143,6 @@ 
Method Details

           "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
           "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
           "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-          "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-            "a_key": "", # Properties of the object. Contains field @type with type URL.
-          },
           "name": "A String", # [Output Only] Name of the operation.
           "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
           "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -272,9 +269,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -345,9 +339,6 @@ 
Method Details

       "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
       "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
       "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-      "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-        "a_key": "", # Properties of the object. Contains field @type with type URL.
-      },
       "name": "A String", # [Output Only] Name of the operation.
       "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
       "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -440,9 +431,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.globalOrganizationOperations.html b/docs/dyn/compute_alpha.globalOrganizationOperations.html
index 47f108fea1c..a3063a6b09c 100644
--- a/docs/dyn/compute_alpha.globalOrganizationOperations.html
+++ b/docs/dyn/compute_alpha.globalOrganizationOperations.html
@@ -143,9 +143,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -216,9 +213,6 @@ 
Method Details

       "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
       "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
       "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-      "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-        "a_key": "", # Properties of the object. Contains field @type with type URL.
-      },
       "name": "A String", # [Output Only] Name of the operation.
       "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
       "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.globalPublicDelegatedPrefixes.html b/docs/dyn/compute_alpha.globalPublicDelegatedPrefixes.html
index 1d95cc1a514..a5f119d7ade 100644
--- a/docs/dyn/compute_alpha.globalPublicDelegatedPrefixes.html
+++ b/docs/dyn/compute_alpha.globalPublicDelegatedPrefixes.html
@@ -136,9 +136,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -275,9 +272,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -451,9 +445,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.healthChecks.html b/docs/dyn/compute_alpha.healthChecks.html
index f9eb119fb8d..b98248594fe 100644
--- a/docs/dyn/compute_alpha.healthChecks.html
+++ b/docs/dyn/compute_alpha.healthChecks.html
@@ -295,9 +295,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -534,9 +531,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -810,9 +804,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -988,9 +979,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.httpHealthChecks.html b/docs/dyn/compute_alpha.httpHealthChecks.html
index 97727f5b086..885d13cadbe 100644
--- a/docs/dyn/compute_alpha.httpHealthChecks.html
+++ b/docs/dyn/compute_alpha.httpHealthChecks.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -261,9 +258,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -417,9 +411,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -535,9 +526,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.httpsHealthChecks.html b/docs/dyn/compute_alpha.httpsHealthChecks.html
index 8f6627757d3..9dca213d090 100644
--- a/docs/dyn/compute_alpha.httpsHealthChecks.html
+++ b/docs/dyn/compute_alpha.httpsHealthChecks.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -261,9 +258,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -417,9 +411,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -535,9 +526,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.images.html b/docs/dyn/compute_alpha.images.html
index a6d0982bebc..b71465d83da 100644
--- a/docs/dyn/compute_alpha.images.html
+++ b/docs/dyn/compute_alpha.images.html
@@ -154,9 +154,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -238,9 +235,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -804,9 +798,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1167,9 +1158,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1454,9 +1442,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.instanceGroupManagers.html b/docs/dyn/compute_alpha.instanceGroupManagers.html
index ec79bd68ca0..e11c090a5f7 100644
--- a/docs/dyn/compute_alpha.instanceGroupManagers.html
+++ b/docs/dyn/compute_alpha.instanceGroupManagers.html
@@ -222,9 +222,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -522,9 +519,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -638,9 +632,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -706,9 +697,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -784,9 +772,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -860,9 +845,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1247,9 +1229,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1951,9 +1930,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2062,9 +2038,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2139,9 +2112,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2208,9 +2178,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2284,9 +2251,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2361,9 +2325,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2447,9 +2408,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2522,9 +2480,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2600,9 +2555,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2677,9 +2629,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2755,9 +2704,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2833,9 +2779,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3086,9 +3029,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3197,9 +3137,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.instanceGroups.html b/docs/dyn/compute_alpha.instanceGroups.html
index 59be319d6a3..5f991019ccf 100644
--- a/docs/dyn/compute_alpha.instanceGroups.html
+++ b/docs/dyn/compute_alpha.instanceGroups.html
@@ -164,9 +164,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -329,9 +326,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -460,9 +454,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -686,9 +677,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -767,9 +755,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.instanceTemplates.html b/docs/dyn/compute_alpha.instanceTemplates.html
index f77c9ed1fbb..5ad4be1b792 100644
--- a/docs/dyn/compute_alpha.instanceTemplates.html
+++ b/docs/dyn/compute_alpha.instanceTemplates.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -196,7 +193,7 @@ 
Method Details

   "kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates.
   "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "properties": { # The instance properties for this instance template.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
       "numaNodeCount": 42, # The number of vNUMA nodes.
@@ -204,7 +201,7 @@ 
Method Details

       "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -313,7 +310,7 @@ 
Method Details

         ],
       },
     ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
+    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer
       "enableDisplay": True or False, # Defines whether the instance has Display enabled.
     },
     "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
@@ -348,9 +345,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -371,9 +368,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -397,20 +394,20 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
+    "networkPerformanceConfig": {
       "externalIpEgressBandwidthTier": "A String",
       "totalEgressBandwidthTier": "A String",
     },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon)
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -438,7 +435,7 @@ 
Method Details

       "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
       "provisioningModel": "A String", # Specifies the provisioning model of the instance.
     },
-    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
+    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50.
       "A String",
     ],
     "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
@@ -449,7 +446,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -602,7 +599,7 @@ 
Method Details

   "kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates.
   "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "properties": { # The instance properties for this instance template.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
       "numaNodeCount": 42, # The number of vNUMA nodes.
@@ -610,7 +607,7 @@ 
Method Details

       "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -719,7 +716,7 @@ 
Method Details

         ],
       },
     ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
+    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer
       "enableDisplay": True or False, # Defines whether the instance has Display enabled.
     },
     "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
@@ -754,9 +751,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -777,9 +774,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -803,20 +800,20 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
+    "networkPerformanceConfig": {
       "externalIpEgressBandwidthTier": "A String",
       "totalEgressBandwidthTier": "A String",
     },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon)
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -844,7 +841,7 @@ 
Method Details

       "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
       "provisioningModel": "A String", # Specifies the provisioning model of the instance.
     },
-    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
+    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50.
       "A String",
     ],
     "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
@@ -855,7 +852,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -915,9 +912,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -976,7 +970,7 @@ 
Method Details

       "kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates.
       "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
       "properties": { # The instance properties for this instance template.
-        "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+        "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
           "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
           "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
           "numaNodeCount": 42, # The number of vNUMA nodes.
@@ -984,7 +978,7 @@ 
Method Details

           "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
         },
         "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-        "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+        "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
           "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
         },
         "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -1093,7 +1087,7 @@ 
Method Details

             ],
           },
         ],
-        "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
+        "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer
           "enableDisplay": True or False, # Defines whether the instance has Display enabled.
         },
         "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
@@ -1128,9 +1122,9 @@ 
Method Details

                 "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                 "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
                 "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
                 "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                 "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
               },
             ],
@@ -1151,9 +1145,9 @@ 
Method Details

                 "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                 "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
                 "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
                 "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                 "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
               },
             ],
@@ -1177,20 +1171,20 @@ 
Method Details

             "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
           },
         ],
-        "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
+        "networkPerformanceConfig": {
           "externalIpEgressBandwidthTier": "A String",
           "totalEgressBandwidthTier": "A String",
         },
-        "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-        "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-        "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+        "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon)
+        "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+        "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
           "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
           "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
           "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
             "A String",
           ],
         },
-        "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+        "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
           "A String",
         ],
         "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -1218,7 +1212,7 @@ 
Method Details

           "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
           "provisioningModel": "A String", # Specifies the provisioning model of the instance.
         },
-        "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
+        "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50.
           "A String",
         ],
         "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
@@ -1229,7 +1223,7 @@ 
Method Details

             ],
           },
         ],
-        "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+        "shieldedInstanceConfig": { # A set of Shielded Instance options.
           "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
           "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
           "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
diff --git a/docs/dyn/compute_alpha.instances.html b/docs/dyn/compute_alpha.instances.html
index 93a051a3083..42f35663f2a 100644
--- a/docs/dyn/compute_alpha.instances.html
+++ b/docs/dyn/compute_alpha.instances.html
@@ -257,9 +257,9 @@ 
Method Details

   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
   "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
   "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
 }
 
@@ -291,9 +291,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -368,9 +365,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -598,9 +592,9 @@ 
Method Details

                   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
                   "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
                   "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
                 },
               ],
@@ -621,9 +615,9 @@ 
Method Details

                   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
                   "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
                   "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
                 },
               ],
@@ -945,9 +939,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1162,9 +1153,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -1185,9 +1176,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -1320,7 +1311,7 @@ 
Method Details

     "zone": "A String", # [Output Only] URL of the zone where the instance resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
   },
   "instanceProperties": { # The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
       "numaNodeCount": 42, # The number of vNUMA nodes.
@@ -1328,7 +1319,7 @@ 
Method Details

       "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -1437,7 +1428,7 @@ 
Method Details

         ],
       },
     ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
+    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer
       "enableDisplay": True or False, # Defines whether the instance has Display enabled.
     },
     "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
@@ -1472,9 +1463,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -1495,9 +1486,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -1521,20 +1512,20 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
+    "networkPerformanceConfig": {
       "externalIpEgressBandwidthTier": "A String",
       "totalEgressBandwidthTier": "A String",
     },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon)
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -1562,7 +1553,7 @@ 
Method Details

       "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
       "provisioningModel": "A String", # Specifies the provisioning model of the instance.
     },
-    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
+    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50.
       "A String",
     ],
     "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
@@ -1573,7 +1564,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -1636,9 +1627,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1709,9 +1697,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1779,9 +1764,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1848,9 +1830,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2069,9 +2048,9 @@ 
Method Details

           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
           "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
           "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -2092,9 +2071,9 @@ 
Method Details

           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
           "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
           "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -2338,7 +2317,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -2887,9 +2866,9 @@ 
Method Details

           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
           "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
           "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -2910,9 +2889,9 @@ 
Method Details

           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
           "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
           "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -3075,9 +3054,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3303,9 +3279,9 @@ 
Method Details

               "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
               "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
               "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
               "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
               "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
             },
           ],
@@ -3326,9 +3302,9 @@ 
Method Details

               "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
               "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
               "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
               "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
               "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
             },
           ],
@@ -3588,9 +3564,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3665,9 +3638,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3733,9 +3703,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3826,9 +3793,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3910,9 +3874,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3980,9 +3941,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4270,9 +4228,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4350,9 +4305,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4425,9 +4377,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4507,9 +4456,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4582,9 +4528,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4658,9 +4601,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4755,9 +4695,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4833,9 +4770,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4908,9 +4842,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4983,9 +4914,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5061,9 +4989,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5128,9 +5053,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5196,9 +5118,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5289,9 +5208,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5358,9 +5274,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5427,9 +5340,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5675,9 +5585,9 @@ 
Method Details

           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
           "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
           "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -5698,9 +5608,9 @@ 
Method Details

           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
           "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
           "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -5874,9 +5784,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -5926,9 +5833,9 @@ 
Method Details

   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
   "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
   "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
 }
 
@@ -5960,9 +5867,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -6035,9 +5939,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -6089,9 +5990,9 @@ 
Method Details

       "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
       "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
       "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
       "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
       "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
     },
   ],
@@ -6112,9 +6013,9 @@ 
Method Details

       "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
       "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
       "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
       "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
       "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
     },
   ],
@@ -6166,9 +6067,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -6243,9 +6141,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -6320,9 +6215,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.instantSnapshots.html b/docs/dyn/compute_alpha.instantSnapshots.html
index 8e8cc4580ea..93be904bd51 100644
--- a/docs/dyn/compute_alpha.instantSnapshots.html
+++ b/docs/dyn/compute_alpha.instantSnapshots.html
@@ -74,12 +74,6 @@
 
 
Compute Engine API . instantSnapshots

 
Instance Methods

-

-  aggregatedList(project, filter=None, includeAllScopes=None, maxResults=None, orderBy=None, pageToken=None, returnPartialSuccess=None, x__xgafv=None)

-
Retrieves an aggregated list of instantSnapshots.

-

-  aggregatedList_next(previous_request, previous_response)

-
Retrieves the next page of results.

 

   close()

 
Close httplib2 connections.

@@ -114,98 +108,6 @@ 
Instance Methods

   testIamPermissions(project, zone, resource, body=None, x__xgafv=None)

 
Returns permissions that a caller has on the specified resource.

 
Method Details

-

-    aggregatedList(project, filter=None, includeAllScopes=None, maxResults=None, orderBy=None, pageToken=None, returnPartialSuccess=None, x__xgafv=None)
-  
Retrieves an aggregated list of instantSnapshots.
-
-Args:
-  project: string, Project ID for this request. (required)
-  filter: string, A filter expression that filters resources listed in the response. The expression must specify the field name, a comparison operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The comparison operator must be either `=`, `!=`, `>`, or `<`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = "Intel Skylake") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = "Intel Skylake") OR (cpuPlatform = "Intel Broadwell") AND (scheduling.automaticRestart = true) ```
-  includeAllScopes: boolean, Indicates whether every visible scope for each scope type (zone, region, global) should be included in the response. For new resource types added after this field, the flag has no effect as new resource types will always include every visible scope for each scope type in response. For resource types which predate this field, if this flag is omitted or false, only scopes of the scope types where the resource type is expected to be found will be included.
-  maxResults: integer, The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)
-  orderBy: string, Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy="creationTimestamp desc"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.
-  pageToken: string, Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.
-  returnPartialSuccess: boolean, Opt-in for partial success behavior which provides partial results in case of failure. The default value is false.
-  x__xgafv: string, V1 error format.
-    Allowed values
-      1 - v1 error format
-      2 - v2 error format
-
-Returns:
-  An object of the form:
-
-    {
-  "id": "A String", # [Output Only] Unique identifier for the resource; defined by the server.
-  "items": { # A list of InstantSnapshotsScopedList resources.
-    "a_key": { # [Output Only] Name of the scope containing this set of instantSnapshots.
-      "instantSnapshots": [ # [Output Only] A list of instantSnapshots contained in this scope.
-        { # Represents a InstantSnapshot resource. You can use instant snapshots to create disk rollback points quickly..
-          "creationTimestamp": "A String", # [Output Only] Creation timestamp in RFC3339 text format.
-          "description": "A String", # An optional description of this resource. Provide this property when you create the resource.
-          "diskSizeGb": "A String", # [Output Only] Size of the source disk, specified in GB.
-          "guestFlush": True or False, # Whether to attempt an application consistent instant snapshot by informing the OS to prepare for the snapshot process. Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS).
-          "id": "A String", # [Output Only] The unique identifier for the resource. This identifier is defined by the server.
-          "kind": "compute#instantSnapshot", # [Output Only] Type of the resource. Always compute#instantSnapshot for InstantSnapshot resources.
-          "labelFingerprint": "A String", # A fingerprint for the labels being applied to this InstantSnapshot, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a InstantSnapshot.
-          "labels": { # Labels to apply to this InstantSnapshot. These can be later modified by the setLabels method. Label values may be empty.
-            "a_key": "A String",
-          },
-          "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-          "region": "A String", # [Output Only] URL of the region where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
-          "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
-          "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
-          "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource's resource id.
-          "sourceDisk": "A String", # URL of the source disk used to create this instant snapshot. Note that the source disk must be in the same zone/region as the instant snapshot to be created. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - https://www.googleapis.com/compute/v1/projects/project/regions/region /disks/disk - projects/project/zones/zone/disks/disk - projects/project/regions/region/disks/disk - zones/zone/disks/disk - regions/region/disks/disk
-          "sourceDiskId": "A String", # [Output Only] The ID value of the disk used to create this InstantSnapshot. This value may be used to determine whether the InstantSnapshot was taken from the current or a previous instance of a given disk name.
-          "status": "A String", # [Output Only] The status of the instantSnapshot. This can be CREATING, DELETING, FAILED, or READY.
-          "zone": "A String", # [Output Only] URL of the zone where the instant snapshot resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
-        },
-      ],
-      "warning": { # [Output Only] Informational warning which replaces the list of instantSnapshots when the list is empty.
-        "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.
-        "data": [ # [Output Only] Metadata about this warning in key: value format. For example: "data": [ { "key": "scope", "value": "zones/us-east1-d" }
-          {
-            "key": "A String", # [Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).
-            "value": "A String", # [Output Only] A warning data value corresponding to the key.
-          },
-        ],
-        "message": "A String", # [Output Only] A human-readable description of the warning code.
-      },
-    },
-  },
-  "kind": "compute#instantSnapshotAggregatedList", # [Output Only] Type of resource. Always compute#instantSnapshotAggregatedList for aggregated lists of instantSnapshots.
-  "nextPageToken": "A String", # [Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.
-  "selfLink": "A String", # [Output Only] Server-defined URL for this resource.
-  "unreachables": [ # [Output Only] Unreachable resources.
-    "A String",
-  ],
-  "warning": { # [Output Only] Informational warning message.
-    "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.
-    "data": [ # [Output Only] Metadata about this warning in key: value format. For example: "data": [ { "key": "scope", "value": "zones/us-east1-d" }
-      {
-        "key": "A String", # [Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).
-        "value": "A String", # [Output Only] A warning data value corresponding to the key.
-      },
-    ],
-    "message": "A String", # [Output Only] A human-readable description of the warning code.
-  },
-}

-

-
-

-    aggregatedList_next(previous_request, previous_response)
-  
Retrieves the next page of results.
-
-Args:
-  previous_request: The request for the previous page. (required)
-  previous_response: The response from the request for the previous page. (required)
-
-Returns:
-  A request object that you can call 'execute()' on to request the next
-  page. Returns None if there are no more items in the collection.
-    

-

-
 

     close()
   
Close httplib2 connections.

@@ -247,9 +149,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -334,9 +233,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -570,9 +466,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -935,9 +828,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.interconnectAttachments.html b/docs/dyn/compute_alpha.interconnectAttachments.html
index 4ba0b5a6051..b5734ba0b24 100644
--- a/docs/dyn/compute_alpha.interconnectAttachments.html
+++ b/docs/dyn/compute_alpha.interconnectAttachments.html
@@ -280,9 +280,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -583,9 +580,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -817,9 +811,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1107,9 +1098,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.interconnects.html b/docs/dyn/compute_alpha.interconnects.html
index b34058e39ef..e747534cdeb 100644
--- a/docs/dyn/compute_alpha.interconnects.html
+++ b/docs/dyn/compute_alpha.interconnects.html
@@ -154,9 +154,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -554,9 +551,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -800,9 +794,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1087,9 +1078,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.licenses.html b/docs/dyn/compute_alpha.licenses.html
index dce7922ee8f..8c59f984266 100644
--- a/docs/dyn/compute_alpha.licenses.html
+++ b/docs/dyn/compute_alpha.licenses.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -365,9 +362,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.machineImages.html b/docs/dyn/compute_alpha.machineImages.html
index 465fbdf1d4a..bc01707228a 100644
--- a/docs/dyn/compute_alpha.machineImages.html
+++ b/docs/dyn/compute_alpha.machineImages.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -194,277 +191,6 @@ 
Method Details

   "description": "A String", # An optional description of this resource. Provide this property when you create the resource.
   "guestFlush": True or False, # [Input Only] Whether to attempt an application consistent machine image by informing the OS to prepare for the snapshot process. Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS).
   "id": "A String", # [Output Only] A unique identifier for this machine image. The server defines this identifier.
-  "instanceProperties": { # [Output Only] Properties of source instance
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
-      "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
-      "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
-      "numaNodeCount": 42, # The number of vNUMA nodes.
-      "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
-      "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
-    },
-    "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
-      "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
-    },
-    "description": "A String", # An optional text description for the instances that are created from these properties.
-    "disks": [ # An array of disks that are associated with the instances that are created from these properties.
-      { # An instance-attached disk resource.
-        "autoDelete": True or False, # Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).
-        "boot": True or False, # Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.
-        "deviceName": "A String", # Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
-        "diskEncryptionKey": { # Encrypts or decrypts a disk using a customer-supplied encryption key. If you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key. If you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance. If you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. Instance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group.
-          "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-          "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-          "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-          "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-          "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-        },
-        "diskSizeGb": "A String", # The size of the disk in GB.
-        "forceAttach": True or False, # [Input Only] Whether to force attach the regional disk even if it's currently attached to another instance. If you try to force attach a zonal disk to an instance, you will receive an error.
-        "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.
-          { # Guest OS features.
-            "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
-          },
-        ],
-        "index": 42, # [Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.
-        "initializeParams": { # [Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both. # [Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both.
-          "description": "A String", # An optional description. Provide this property when creating the disk.
-          "diskName": "A String", # Specifies the disk name. If not specified, the default is to use the name of the instance. If a disk with the same name already exists in the given region, the existing disk is attached to the new instance and the new disk is not created.
-          "diskSizeGb": "A String", # Specifies the size of the disk in base-2 GB. The size must be at least 10 GB. If you specify a sourceImage, which is required for boot disks, the default size is the size of the sourceImage. If you do not specify a sourceImage, the default disk size is 500 GB.
-          "diskType": "A String", # Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/pd-standard For a full list of acceptable values, see Persistent disk types. If you define this field, you can provide either the full or partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/diskType - projects/project/zones/zone/diskTypes/diskType - zones/zone/diskTypes/diskType Note that for InstanceTemplate, this is the name of the disk type, not URL.
-          "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options. Guest OS features are applied by merging initializeParams.guestOsFeatures and disks.guestOsFeatures
-            { # Guest OS features.
-              "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
-            },
-          ],
-          "interface": "A String", # [Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.
-          "labels": { # Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.
-            "a_key": "A String",
-          },
-          "licenseCodes": [ # Integer license codes indicating which licenses are attached to this disk.
-            "A String",
-          ],
-          "licenses": [ # A list of publicly visible licenses. Reserved for Google's use.
-            "A String",
-          ],
-          "multiWriter": True or False, # Indicates whether or not the disk can be read/write attached to more than one instance.
-          "onUpdateAction": "A String", # Specifies which action to take on instance update with this disk. Default is to use the existing disk.
-          "provisionedIops": "A String", # Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.
-          "replicaZones": [ # URLs of the zones where the disk should be replicated to. Only applicable for regional resources.
-            "A String",
-          ],
-          "resourcePolicies": [ # Resource policies applied to this disk for automatic snapshot creations. Specified using the full or partial URL. For instance template, specify only the resource policy name.
-            "A String",
-          ],
-          "sourceImage": "A String", # The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family If the source image is deleted later, this field will not be set.
-          "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys.
-            "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-            "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-            "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-            "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-            "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-          },
-          "sourceSnapshot": "A String", # The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: global/snapshots/my-backup If the source snapshot is deleted later, this field will not be set.
-          "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot.
-            "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-            "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-            "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-            "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-            "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-          },
-        },
-        "interface": "A String", # Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. Local SSDs can use either NVME or SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.
-        "kind": "compute#attachedDisk", # [Output Only] Type of the resource. Always compute#attachedDisk for attached disks.
-        "licenses": [ # [Output Only] Any valid publicly visible licenses.
-          "A String",
-        ],
-        "locked": True or False, # [Output Only] Whether to indicate the attached disk is locked. The locked disk is not allowed to be detached from the instance, or to be used as the source of the snapshot creation, and the image creation. The instance with at least one locked attached disk is not allow to be used as source of machine image creation, instant snapshot creation, and not allowed to be deleted with --keep-disk parameter set to true for locked disks.
-        "mode": "A String", # The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.
-        "savedState": "A String", # For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.
-        "shieldedInstanceInitialState": { # Initial State for shielded instance, these are public keys which are safe to store in public # [Output Only] shielded vm initial state stored on disk
-          "dbs": [ # The Key Database (db).
-            {
-              "content": "A String", # The raw content in the secure keys file.
-              "fileType": "A String", # The file type of source file.
-            },
-          ],
-          "dbxs": [ # The forbidden key database (dbx).
-            {
-              "content": "A String", # The raw content in the secure keys file.
-              "fileType": "A String", # The file type of source file.
-            },
-          ],
-          "keks": [ # The Key Exchange Key (KEK).
-            {
-              "content": "A String", # The raw content in the secure keys file.
-              "fileType": "A String", # The file type of source file.
-            },
-          ],
-          "pk": { # The Platform Key (PK).
-            "content": "A String", # The raw content in the secure keys file.
-            "fileType": "A String", # The file type of source file.
-          },
-        },
-        "source": "A String", # Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. Note that for InstanceTemplate, specify the disk name, not the URL for the disk.
-        "type": "A String", # Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.
-        "userLicenses": [ # [Output Only] A list of user provided licenses. It represents a list of URLs to the license resource. Unlike regular licenses, user provided licenses can be modified after the disk is created.
-          "A String",
-        ],
-      },
-    ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
-      "enableDisplay": True or False, # Defines whether the instance has Display enabled.
-    },
-    "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
-      { # A specification of the type and number of accelerator cards attached to the instance.
-        "acceleratorCount": 42, # The number of the guest accelerator cards exposed to this instance.
-        "acceleratorType": "A String", # Full or partial URL of the accelerator type resource to attach to this instance. For example: projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100 If you are creating an instance template, specify only the accelerator name. See GPUs on Compute Engine for a full list of accelerator types.
-      },
-    ],
-    "labels": { # Labels to apply to instances that are created from these properties.
-      "a_key": "A String",
-    },
-    "machineType": "A String", # The machine type to use for instances that are created from these properties.
-    "metadata": { # A metadata key/value entry. # The metadata key/value pairs to assign to instances that are created from these properties. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information.
-      "fingerprint": "A String", # Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the resource.
-      "items": [ # Array of key/value pairs. The total size of all keys and values must be less than 512 KB.
-        { # Metadata
-          "key": "A String", # Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.
-          "value": "A String", # Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).
-        },
-      ],
-      "kind": "compute#metadata", # [Output Only] Type of the resource. Always compute#metadata for metadata.
-    },
-    "minCpuPlatform": "A String", # Minimum cpu/platform to be used by instances. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy Bridge". For more information, read Specifying a Minimum CPU Platform.
-    "networkInterfaces": [ # An array of network access configurations for this interface.
-      { # A network interface resource attached to an instance.
-        "accessConfigs": [ # An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.
-          { # An access configuration attached to an instance's network interface. Only one access config per instance is supported.
-            "externalIpv6": "A String", # [Output Only] The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.
-            "externalIpv6PrefixLength": 42, # [Output Only] The prefix length of the external IPv6 range.
-            "kind": "compute#accessConfig", # [Output Only] Type of the resource. Always compute#accessConfig for access configs.
-            "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
-            "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
-            "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
-            "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
-          },
-        ],
-        "aliasIpRanges": [ # An array of alias IP ranges for this network interface. You can only specify this field for network interfaces in VPC networks.
-          { # An alias IP range attached to an instance's network interface.
-            "ipCidrRange": "A String", # The IP alias ranges to allocate for this interface. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (such as 10.2.3.4), a netmask (such as /24) or a CIDR-formatted string (such as 10.1.2.0/24).
-            "subnetworkRangeName": "A String", # The name of a subnetwork secondary IP range from which to allocate an IP alias range. If not specified, the primary range of the subnetwork is used.
-          },
-        ],
-        "fingerprint": "A String", # Fingerprint hash of contents stored in this network interface. This field will be ignored when inserting an Instance or adding a NetworkInterface. An up-to-date fingerprint must be provided in order to update the NetworkInterface. The request will fail with error 400 Bad Request if the fingerprint is not provided, or 412 Precondition Failed if the fingerprint is out of date.
-        "internalIpv6PrefixLength": 42, # [Output Only] The prefix length of the primary internal IPv6 range.
-        "ipv6AccessConfigs": [ # An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.
-          { # An access configuration attached to an instance's network interface. Only one access config per instance is supported.
-            "externalIpv6": "A String", # [Output Only] The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.
-            "externalIpv6PrefixLength": 42, # [Output Only] The prefix length of the external IPv6 range.
-            "kind": "compute#accessConfig", # [Output Only] Type of the resource. Always compute#accessConfig for access configs.
-            "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
-            "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
-            "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
-            "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
-          },
-        ],
-        "ipv6AccessType": "A String", # [Output Only] One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. Valid only if stackType is IPV4_IPV6.
-        "ipv6Address": "A String", # [Output Only] An IPv6 internal network address for this network interface.
-        "kind": "compute#networkInterface", # [Output Only] Type of the resource. Always compute#networkInterface for network interfaces.
-        "name": "A String", # [Output Only] The name of the network interface, which is generated by the server. For network devices, these are eth0, eth1, etc.
-        "network": "A String", # URL of the network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. If you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/global/networks/ network - projects/project/global/networks/network - global/networks/default
-        "networkIP": "A String", # An IPv4 internal IP address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.
-        "nicType": "A String", # The type of vNIC to be used on this interface. This may be gVNIC or VirtioNet.
-        "queueCount": 42, # The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It'll be empty if not specified by the users.
-        "stackType": "A String", # The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at instance creation and update network interface operations.
-        "subinterfaces": [ # SubInterfaces help enable L2 communication for the instance over subnetworks that support L2. Every network interface will get a default untagged (vlan not specified) subinterface. Users can specify additional tagged subinterfaces which are sub-fields to the Network Interface.
-          {
-            "ipAddress": "A String", # An IPv4 internal IP address to assign to the instance for this subinterface. If specified, ip_allocation_mode should be set to ALLOCATE_IP.
-            "ipAllocationMode": "A String",
-            "subnetwork": "A String", # If specified, this subnetwork must belong to the same network as that of the network interface. If not specified the subnet of network interface will be used. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
-            "vlan": 42, # VLAN tag. Should match the VLAN(s) supported by the subnetwork to which this subinterface is connecting.
-          },
-        ],
-        "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
-      },
-    ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
-      "externalIpEgressBandwidthTier": "A String",
-      "totalEgressBandwidthTier": "A String",
-    },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
-      "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
-      "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
-      "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
-        "A String",
-      ],
-    },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
-      "A String",
-    ],
-    "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
-      "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.
-      "availabilityDomain": 42, # Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.
-      "currentCpus": 42, # Current number of vCPUs available for VM. 0 or unset means default vCPUs of the current machine type.
-      "currentMemoryMb": "A String", # Current amount of memory (in MB) available for VM. 0 or unset means default amount of memory of the current machine type.
-      "hostErrorTimeoutSeconds": 42, # Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.
-      "instanceTerminationAction": "A String", # Specifies the termination action for the instance.
-      "latencyTolerant": True or False, # Defines whether the instance is tolerant of higher cpu latency. This can only be set during instance creation, or when the instance is not currently running. It must not be set if the preemptible option is also set.
-      "locationHint": "A String", # An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.
-      "maintenanceFreezeDurationHours": 42, # Specifies the number of hours after VM instance creation where the VM won't be scheduled for maintenance.
-      "maintenanceInterval": "A String", # For more information about maintenance intervals, see Setting maintenance intervals.
-      "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node.
-      "nodeAffinities": [ # A set of node affinity and anti-affinity configurations. Refer to Configuring node affinity for more information. Overrides reservationAffinity.
-        { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled.
-          "key": "A String", # Corresponds to the label key of Node resource.
-          "operator": "A String", # Defines the operation of node selection. Valid operators are IN for affinity and NOT_IN for anti-affinity.
-          "values": [ # Corresponds to the label values of Node resource.
-            "A String",
-          ],
-        },
-      ],
-      "onHostMaintenance": "A String", # Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options.
-      "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
-      "provisioningModel": "A String", # Specifies the provisioning model of the instance.
-    },
-    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
-      "A String",
-    ],
-    "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
-      { # A service account.
-        "email": "A String", # Email address of the service account.
-        "scopes": [ # The list of scopes to be made available for this service account.
-          "A String",
-        ],
-      },
-    ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
-      "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
-      "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
-      "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
-    },
-    "shieldedVmConfig": { # A set of Shielded VM options. # Specifies the Shielded VM options for the instances that are created from these properties.
-      "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled.
-      "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled.
-      "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled.
-    },
-    "tags": { # A set of instance tags. # A list of tags to apply to the instances that are created from these properties. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035.
-      "fingerprint": "A String", # Specifies a fingerprint for this request, which is essentially a hash of the tags' contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update tags. You must always provide an up-to-date fingerprint hash in order to update or change tags. To see the latest fingerprint, make get() request to the instance.
-      "items": [ # An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035.
-        "A String",
-      ],
-    },
-  },
   "kind": "compute#machineImage", # [Output Only] The resource type, which is always compute#machineImage for machine image.
   "machineImageEncryptionKey": { # Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image using a customer-supplied key, you must provide the same key if you use the machine image later. For example, you must provide the encryption key when you create an instance from the encrypted machine image in a future request. Customer-supplied encryption keys do not protect access to metadata of the machine image. If you do not provide an encryption key when creating the machine image, then the machine image will be encrypted using an automatically generated key and you do not need to provide a key to use the machine image later.
     "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
@@ -475,14 +201,6 @@ 
Method Details

   },
   "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
-  "savedDisks": [ # An array of Machine Image specific properties for disks attached to the source instance
-    { # An instance-attached disk resource.
-      "kind": "compute#savedDisk", # [Output Only] Type of the resource. Always compute#savedDisk for attached disks.
-      "sourceDisk": "A String", # Specifies a URL of the disk attached to the source instance.
-      "storageBytes": "A String", # [Output Only] Size of the individual disk snapshot used by this machine image.
-      "storageBytesStatus": "A String", # [Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.
-    },
-  ],
   "selfLink": "A String", # [Output Only] The URL for this machine image. The server defines this URL.
   "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id.
   "sourceDiskEncryptionKeys": [ # [Input Only] The customer-supplied encryption key of the disks attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key.
@@ -566,9 +284,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -589,9 +307,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -615,7 +333,7 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. (will be deprecated soon)
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from this machine image.
       "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.
       "availabilityDomain": 42, # Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.
@@ -782,353 +500,74 @@ 
Method Details

   "description": "A String", # An optional description of this resource. Provide this property when you create the resource.
   "guestFlush": True or False, # [Input Only] Whether to attempt an application consistent machine image by informing the OS to prepare for the snapshot process. Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS).
   "id": "A String", # [Output Only] A unique identifier for this machine image. The server defines this identifier.
-  "instanceProperties": { # [Output Only] Properties of source instance
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
-      "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
-      "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
-      "numaNodeCount": 42, # The number of vNUMA nodes.
-      "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
-      "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
-    },
-    "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
-      "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
+  "kind": "compute#machineImage", # [Output Only] The resource type, which is always compute#machineImage for machine image.
+  "machineImageEncryptionKey": { # Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image using a customer-supplied key, you must provide the same key if you use the machine image later. For example, you must provide the encryption key when you create an instance from the encrypted machine image in a future request. Customer-supplied encryption keys do not protect access to metadata of the machine image. If you do not provide an encryption key when creating the machine image, then the machine image will be encrypted using an automatically generated key and you do not need to provide a key to use the machine image later.
+    "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
+    "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
+    "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+    "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
+    "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+  },
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+  "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
+  "selfLink": "A String", # [Output Only] The URL for this machine image. The server defines this URL.
+  "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id.
+  "sourceDiskEncryptionKeys": [ # [Input Only] The customer-supplied encryption key of the disks attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key.
+    {
+      "diskEncryptionKey": { # The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key.
+        "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
+        "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
+        "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
+        "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
+        "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+      },
+      "sourceDisk": "A String", # URL of the disk attached to the source instance. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk
     },
-    "description": "A String", # An optional text description for the instances that are created from these properties.
-    "disks": [ # An array of disks that are associated with the instances that are created from these properties.
+  ],
+  "sourceInstance": "A String", # The source instance used to create the machine image. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance
+  "sourceInstanceProperties": { # [Output Only] Properties of source instance.
+    "canIpForward": True or False, # Enables instances created based on this machine image to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
+    "deletionProtection": True or False, # Whether the instance created from this machine image should be protected against deletion.
+    "description": "A String", # An optional text description for the instances that are created from this machine image.
+    "disks": [ # An array of disks that are associated with the instances that are created from this machine image.
       { # An instance-attached disk resource.
         "autoDelete": True or False, # Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).
         "boot": True or False, # Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.
-        "deviceName": "A String", # Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
-        "diskEncryptionKey": { # Encrypts or decrypts a disk using a customer-supplied encryption key. If you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key. If you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance. If you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. Instance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group.
+        "deviceName": "A String", # Specifies the name of the disk attached to the source instance.
+        "diskEncryptionKey": { # The encryption key for the disk.
           "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
           "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
           "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
           "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
           "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
         },
-        "diskSizeGb": "A String", # The size of the disk in GB.
-        "forceAttach": True or False, # [Input Only] Whether to force attach the regional disk even if it's currently attached to another instance. If you try to force attach a zonal disk to an instance, you will receive an error.
+        "diskSizeGb": "A String", # The size of the disk in base-2 GB.
+        "diskType": "A String", # [Output Only] URL of the disk type resource. For example: projects/project /zones/zone/diskTypes/pd-standard or pd-ssd
         "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.
           { # Guest OS features.
             "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
           },
         ],
-        "index": 42, # [Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.
-        "initializeParams": { # [Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both. # [Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both.
-          "description": "A String", # An optional description. Provide this property when creating the disk.
-          "diskName": "A String", # Specifies the disk name. If not specified, the default is to use the name of the instance. If a disk with the same name already exists in the given region, the existing disk is attached to the new instance and the new disk is not created.
-          "diskSizeGb": "A String", # Specifies the size of the disk in base-2 GB. The size must be at least 10 GB. If you specify a sourceImage, which is required for boot disks, the default size is the size of the sourceImage. If you do not specify a sourceImage, the default disk size is 500 GB.
-          "diskType": "A String", # Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/pd-standard For a full list of acceptable values, see Persistent disk types. If you define this field, you can provide either the full or partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/diskType - projects/project/zones/zone/diskTypes/diskType - zones/zone/diskTypes/diskType Note that for InstanceTemplate, this is the name of the disk type, not URL.
-          "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options. Guest OS features are applied by merging initializeParams.guestOsFeatures and disks.guestOsFeatures
-            { # Guest OS features.
-              "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
-            },
-          ],
-          "interface": "A String", # [Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.
-          "labels": { # Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.
-            "a_key": "A String",
-          },
-          "licenseCodes": [ # Integer license codes indicating which licenses are attached to this disk.
-            "A String",
-          ],
-          "licenses": [ # A list of publicly visible licenses. Reserved for Google's use.
-            "A String",
-          ],
-          "multiWriter": True or False, # Indicates whether or not the disk can be read/write attached to more than one instance.
-          "onUpdateAction": "A String", # Specifies which action to take on instance update with this disk. Default is to use the existing disk.
-          "provisionedIops": "A String", # Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.
-          "replicaZones": [ # URLs of the zones where the disk should be replicated to. Only applicable for regional resources.
-            "A String",
-          ],
-          "resourcePolicies": [ # Resource policies applied to this disk for automatic snapshot creations. Specified using the full or partial URL. For instance template, specify only the resource policy name.
-            "A String",
-          ],
-          "sourceImage": "A String", # The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family If the source image is deleted later, this field will not be set.
-          "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys.
-            "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-            "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-            "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-            "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-            "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-          },
-          "sourceSnapshot": "A String", # The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: global/snapshots/my-backup If the source snapshot is deleted later, this field will not be set.
-          "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot.
-            "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-            "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-            "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-            "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-            "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-          },
-        },
-        "interface": "A String", # Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. Local SSDs can use either NVME or SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.
-        "kind": "compute#attachedDisk", # [Output Only] Type of the resource. Always compute#attachedDisk for attached disks.
+        "index": 42, # Specifies zero-based index of the disk that is attached to the source instance.
+        "interface": "A String", # Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME.
+        "kind": "compute#savedAttachedDisk", # [Output Only] Type of the resource. Always compute#attachedDisk for attached disks.
         "licenses": [ # [Output Only] Any valid publicly visible licenses.
           "A String",
         ],
-        "locked": True or False, # [Output Only] Whether to indicate the attached disk is locked. The locked disk is not allowed to be detached from the instance, or to be used as the source of the snapshot creation, and the image creation. The instance with at least one locked attached disk is not allow to be used as source of machine image creation, instant snapshot creation, and not allowed to be deleted with --keep-disk parameter set to true for locked disks.
-        "mode": "A String", # The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.
-        "savedState": "A String", # For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.
-        "shieldedInstanceInitialState": { # Initial State for shielded instance, these are public keys which are safe to store in public # [Output Only] shielded vm initial state stored on disk
-          "dbs": [ # The Key Database (db).
-            {
-              "content": "A String", # The raw content in the secure keys file.
-              "fileType": "A String", # The file type of source file.
-            },
-          ],
-          "dbxs": [ # The forbidden key database (dbx).
-            {
-              "content": "A String", # The raw content in the secure keys file.
-              "fileType": "A String", # The file type of source file.
-            },
-          ],
-          "keks": [ # The Key Exchange Key (KEK).
-            {
-              "content": "A String", # The raw content in the secure keys file.
-              "fileType": "A String", # The file type of source file.
-            },
-          ],
-          "pk": { # The Platform Key (PK).
-            "content": "A String", # The raw content in the secure keys file.
-            "fileType": "A String", # The file type of source file.
-          },
-        },
-        "source": "A String", # Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. Note that for InstanceTemplate, specify the disk name, not the URL for the disk.
-        "type": "A String", # Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.
-        "userLicenses": [ # [Output Only] A list of user provided licenses. It represents a list of URLs to the license resource. Unlike regular licenses, user provided licenses can be modified after the disk is created.
-          "A String",
-        ],
+        "mode": "A String", # The mode in which this disk is attached to the source instance, either READ_WRITE or READ_ONLY.
+        "source": "A String", # Specifies a URL of the disk attached to the source instance.
+        "storageBytes": "A String", # [Output Only] A size of the storage used by the disk's snapshot by this machine image.
+        "storageBytesStatus": "A String", # [Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.
+        "type": "A String", # Specifies the type of the attached disk, either SCRATCH or PERSISTENT.
       },
     ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
-      "enableDisplay": True or False, # Defines whether the instance has Display enabled.
-    },
-    "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
+    "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from this machine image.
       { # A specification of the type and number of accelerator cards attached to the instance.
         "acceleratorCount": 42, # The number of the guest accelerator cards exposed to this instance.
         "acceleratorType": "A String", # Full or partial URL of the accelerator type resource to attach to this instance. For example: projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100 If you are creating an instance template, specify only the accelerator name. See GPUs on Compute Engine for a full list of accelerator types.
       },
     ],
-    "labels": { # Labels to apply to instances that are created from these properties.
-      "a_key": "A String",
-    },
-    "machineType": "A String", # The machine type to use for instances that are created from these properties.
-    "metadata": { # A metadata key/value entry. # The metadata key/value pairs to assign to instances that are created from these properties. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information.
-      "fingerprint": "A String", # Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the resource.
-      "items": [ # Array of key/value pairs. The total size of all keys and values must be less than 512 KB.
-        { # Metadata
-          "key": "A String", # Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.
-          "value": "A String", # Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).
-        },
-      ],
-      "kind": "compute#metadata", # [Output Only] Type of the resource. Always compute#metadata for metadata.
-    },
-    "minCpuPlatform": "A String", # Minimum cpu/platform to be used by instances. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy Bridge". For more information, read Specifying a Minimum CPU Platform.
-    "networkInterfaces": [ # An array of network access configurations for this interface.
-      { # A network interface resource attached to an instance.
-        "accessConfigs": [ # An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.
-          { # An access configuration attached to an instance's network interface. Only one access config per instance is supported.
-            "externalIpv6": "A String", # [Output Only] The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.
-            "externalIpv6PrefixLength": 42, # [Output Only] The prefix length of the external IPv6 range.
-            "kind": "compute#accessConfig", # [Output Only] Type of the resource. Always compute#accessConfig for access configs.
-            "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
-            "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
-            "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
-            "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
-          },
-        ],
-        "aliasIpRanges": [ # An array of alias IP ranges for this network interface. You can only specify this field for network interfaces in VPC networks.
-          { # An alias IP range attached to an instance's network interface.
-            "ipCidrRange": "A String", # The IP alias ranges to allocate for this interface. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (such as 10.2.3.4), a netmask (such as /24) or a CIDR-formatted string (such as 10.1.2.0/24).
-            "subnetworkRangeName": "A String", # The name of a subnetwork secondary IP range from which to allocate an IP alias range. If not specified, the primary range of the subnetwork is used.
-          },
-        ],
-        "fingerprint": "A String", # Fingerprint hash of contents stored in this network interface. This field will be ignored when inserting an Instance or adding a NetworkInterface. An up-to-date fingerprint must be provided in order to update the NetworkInterface. The request will fail with error 400 Bad Request if the fingerprint is not provided, or 412 Precondition Failed if the fingerprint is out of date.
-        "internalIpv6PrefixLength": 42, # [Output Only] The prefix length of the primary internal IPv6 range.
-        "ipv6AccessConfigs": [ # An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.
-          { # An access configuration attached to an instance's network interface. Only one access config per instance is supported.
-            "externalIpv6": "A String", # [Output Only] The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.
-            "externalIpv6PrefixLength": 42, # [Output Only] The prefix length of the external IPv6 range.
-            "kind": "compute#accessConfig", # [Output Only] Type of the resource. Always compute#accessConfig for access configs.
-            "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
-            "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
-            "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
-            "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
-          },
-        ],
-        "ipv6AccessType": "A String", # [Output Only] One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. Valid only if stackType is IPV4_IPV6.
-        "ipv6Address": "A String", # [Output Only] An IPv6 internal network address for this network interface.
-        "kind": "compute#networkInterface", # [Output Only] Type of the resource. Always compute#networkInterface for network interfaces.
-        "name": "A String", # [Output Only] The name of the network interface, which is generated by the server. For network devices, these are eth0, eth1, etc.
-        "network": "A String", # URL of the network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. If you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/global/networks/ network - projects/project/global/networks/network - global/networks/default
-        "networkIP": "A String", # An IPv4 internal IP address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.
-        "nicType": "A String", # The type of vNIC to be used on this interface. This may be gVNIC or VirtioNet.
-        "queueCount": 42, # The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It'll be empty if not specified by the users.
-        "stackType": "A String", # The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at instance creation and update network interface operations.
-        "subinterfaces": [ # SubInterfaces help enable L2 communication for the instance over subnetworks that support L2. Every network interface will get a default untagged (vlan not specified) subinterface. Users can specify additional tagged subinterfaces which are sub-fields to the Network Interface.
-          {
-            "ipAddress": "A String", # An IPv4 internal IP address to assign to the instance for this subinterface. If specified, ip_allocation_mode should be set to ALLOCATE_IP.
-            "ipAllocationMode": "A String",
-            "subnetwork": "A String", # If specified, this subnetwork must belong to the same network as that of the network interface. If not specified the subnet of network interface will be used. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
-            "vlan": 42, # VLAN tag. Should match the VLAN(s) supported by the subnetwork to which this subinterface is connecting.
-          },
-        ],
-        "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
-      },
-    ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
-      "externalIpEgressBandwidthTier": "A String",
-      "totalEgressBandwidthTier": "A String",
-    },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
-      "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
-      "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
-      "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
-        "A String",
-      ],
-    },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
-      "A String",
-    ],
-    "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
-      "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.
-      "availabilityDomain": 42, # Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.
-      "currentCpus": 42, # Current number of vCPUs available for VM. 0 or unset means default vCPUs of the current machine type.
-      "currentMemoryMb": "A String", # Current amount of memory (in MB) available for VM. 0 or unset means default amount of memory of the current machine type.
-      "hostErrorTimeoutSeconds": 42, # Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.
-      "instanceTerminationAction": "A String", # Specifies the termination action for the instance.
-      "latencyTolerant": True or False, # Defines whether the instance is tolerant of higher cpu latency. This can only be set during instance creation, or when the instance is not currently running. It must not be set if the preemptible option is also set.
-      "locationHint": "A String", # An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.
-      "maintenanceFreezeDurationHours": 42, # Specifies the number of hours after VM instance creation where the VM won't be scheduled for maintenance.
-      "maintenanceInterval": "A String", # For more information about maintenance intervals, see Setting maintenance intervals.
-      "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node.
-      "nodeAffinities": [ # A set of node affinity and anti-affinity configurations. Refer to Configuring node affinity for more information. Overrides reservationAffinity.
-        { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled.
-          "key": "A String", # Corresponds to the label key of Node resource.
-          "operator": "A String", # Defines the operation of node selection. Valid operators are IN for affinity and NOT_IN for anti-affinity.
-          "values": [ # Corresponds to the label values of Node resource.
-            "A String",
-          ],
-        },
-      ],
-      "onHostMaintenance": "A String", # Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options.
-      "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
-      "provisioningModel": "A String", # Specifies the provisioning model of the instance.
-    },
-    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
-      "A String",
-    ],
-    "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
-      { # A service account.
-        "email": "A String", # Email address of the service account.
-        "scopes": [ # The list of scopes to be made available for this service account.
-          "A String",
-        ],
-      },
-    ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
-      "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
-      "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
-      "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
-    },
-    "shieldedVmConfig": { # A set of Shielded VM options. # Specifies the Shielded VM options for the instances that are created from these properties.
-      "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled.
-      "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled.
-      "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled.
-    },
-    "tags": { # A set of instance tags. # A list of tags to apply to the instances that are created from these properties. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035.
-      "fingerprint": "A String", # Specifies a fingerprint for this request, which is essentially a hash of the tags' contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update tags. You must always provide an up-to-date fingerprint hash in order to update or change tags. To see the latest fingerprint, make get() request to the instance.
-      "items": [ # An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035.
-        "A String",
-      ],
-    },
-  },
-  "kind": "compute#machineImage", # [Output Only] The resource type, which is always compute#machineImage for machine image.
-  "machineImageEncryptionKey": { # Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image using a customer-supplied key, you must provide the same key if you use the machine image later. For example, you must provide the encryption key when you create an instance from the encrypted machine image in a future request. Customer-supplied encryption keys do not protect access to metadata of the machine image. If you do not provide an encryption key when creating the machine image, then the machine image will be encrypted using an automatically generated key and you do not need to provide a key to use the machine image later.
-    "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-    "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-    "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-    "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-    "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-  },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-  "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
-  "savedDisks": [ # An array of Machine Image specific properties for disks attached to the source instance
-    { # An instance-attached disk resource.
-      "kind": "compute#savedDisk", # [Output Only] Type of the resource. Always compute#savedDisk for attached disks.
-      "sourceDisk": "A String", # Specifies a URL of the disk attached to the source instance.
-      "storageBytes": "A String", # [Output Only] Size of the individual disk snapshot used by this machine image.
-      "storageBytesStatus": "A String", # [Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.
-    },
-  ],
-  "selfLink": "A String", # [Output Only] The URL for this machine image. The server defines this URL.
-  "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id.
-  "sourceDiskEncryptionKeys": [ # [Input Only] The customer-supplied encryption key of the disks attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key.
-    {
-      "diskEncryptionKey": { # The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key.
-        "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-        "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-        "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-        "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-        "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-      },
-      "sourceDisk": "A String", # URL of the disk attached to the source instance. This can be a full or valid partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /disks/disk - projects/project/zones/zone/disks/disk - zones/zone/disks/disk
-    },
-  ],
-  "sourceInstance": "A String", # The source instance used to create the machine image. You can provide this as a partial or full URL to the resource. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /instances/instance - projects/project/zones/zone/instances/instance
-  "sourceInstanceProperties": { # [Output Only] Properties of source instance.
-    "canIpForward": True or False, # Enables instances created based on this machine image to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "deletionProtection": True or False, # Whether the instance created from this machine image should be protected against deletion.
-    "description": "A String", # An optional text description for the instances that are created from this machine image.
-    "disks": [ # An array of disks that are associated with the instances that are created from this machine image.
-      { # An instance-attached disk resource.
-        "autoDelete": True or False, # Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).
-        "boot": True or False, # Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.
-        "deviceName": "A String", # Specifies the name of the disk attached to the source instance.
-        "diskEncryptionKey": { # The encryption key for the disk.
-          "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-          "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-          "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-          "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-          "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-        },
-        "diskSizeGb": "A String", # The size of the disk in base-2 GB.
-        "diskType": "A String", # [Output Only] URL of the disk type resource. For example: projects/project /zones/zone/diskTypes/pd-standard or pd-ssd
-        "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.
-          { # Guest OS features.
-            "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
-          },
-        ],
-        "index": 42, # Specifies zero-based index of the disk that is attached to the source instance.
-        "interface": "A String", # Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME.
-        "kind": "compute#savedAttachedDisk", # [Output Only] Type of the resource. Always compute#attachedDisk for attached disks.
-        "licenses": [ # [Output Only] Any valid publicly visible licenses.
-          "A String",
-        ],
-        "mode": "A String", # The mode in which this disk is attached to the source instance, either READ_WRITE or READ_ONLY.
-        "source": "A String", # Specifies a URL of the disk attached to the source instance.
-        "storageBytes": "A String", # [Output Only] A size of the storage used by the disk's snapshot by this machine image.
-        "storageBytesStatus": "A String", # [Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.
-        "type": "A String", # Specifies the type of the attached disk, either SCRATCH or PERSISTENT.
-      },
-    ],
-    "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from this machine image.
-      { # A specification of the type and number of accelerator cards attached to the instance.
-        "acceleratorCount": 42, # The number of the guest accelerator cards exposed to this instance.
-        "acceleratorType": "A String", # Full or partial URL of the accelerator type resource to attach to this instance. For example: projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100 If you are creating an instance template, specify only the accelerator name. See GPUs on Compute Engine for a full list of accelerator types.
-      },
-    ],
-    "labels": { # Labels to apply to instances that are created from this machine image.
+    "labels": { # Labels to apply to instances that are created from this machine image.
       "a_key": "A String",
     },
     "machineType": "A String", # The machine type to use for instances that are created from this machine image.
@@ -1154,9 +593,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -1177,9 +616,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -1203,7 +642,7 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. (will be deprecated soon)
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from this machine image.
       "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.
       "availabilityDomain": 42, # Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.
@@ -1280,9 +719,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1339,277 +775,6 @@ 
Method Details

       "description": "A String", # An optional description of this resource. Provide this property when you create the resource.
       "guestFlush": True or False, # [Input Only] Whether to attempt an application consistent machine image by informing the OS to prepare for the snapshot process. Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS).
       "id": "A String", # [Output Only] A unique identifier for this machine image. The server defines this identifier.
-      "instanceProperties": { # [Output Only] Properties of source instance
-        "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
-          "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
-          "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
-          "numaNodeCount": 42, # The number of vNUMA nodes.
-          "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
-          "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
-        },
-        "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-        "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
-          "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
-        },
-        "description": "A String", # An optional text description for the instances that are created from these properties.
-        "disks": [ # An array of disks that are associated with the instances that are created from these properties.
-          { # An instance-attached disk resource.
-            "autoDelete": True or False, # Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance).
-            "boot": True or False, # Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.
-            "deviceName": "A String", # Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disk-x, where x is a number assigned by Google Compute Engine. This field is only applicable for persistent disks.
-            "diskEncryptionKey": { # Encrypts or decrypts a disk using a customer-supplied encryption key. If you are creating a new disk, this field encrypts the new disk using an encryption key that you provide. If you are attaching an existing disk that is already encrypted, this field decrypts the disk using the customer-supplied encryption key. If you encrypt a disk using a customer-supplied key, you must provide the same key again when you attempt to use this resource at a later time. For example, you must provide the key when you create a snapshot or an image from the disk or when you attach the disk to a virtual machine instance. If you do not provide an encryption key, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later. Instance templates do not store customer-supplied encryption keys, so you cannot use your own keys to encrypt disks in a managed instance group.
-              "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-              "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-              "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-              "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-              "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-            },
-            "diskSizeGb": "A String", # The size of the disk in GB.
-            "forceAttach": True or False, # [Input Only] Whether to force attach the regional disk even if it's currently attached to another instance. If you try to force attach a zonal disk to an instance, you will receive an error.
-            "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options.
-              { # Guest OS features.
-                "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
-              },
-            ],
-            "index": 42, # [Output Only] A zero-based index to this disk, where 0 is reserved for the boot disk. If you have many disks attached to an instance, each disk would have a unique index number.
-            "initializeParams": { # [Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both. # [Input Only] Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both.
-              "description": "A String", # An optional description. Provide this property when creating the disk.
-              "diskName": "A String", # Specifies the disk name. If not specified, the default is to use the name of the instance. If a disk with the same name already exists in the given region, the existing disk is attached to the new instance and the new disk is not created.
-              "diskSizeGb": "A String", # Specifies the size of the disk in base-2 GB. The size must be at least 10 GB. If you specify a sourceImage, which is required for boot disks, the default size is the size of the sourceImage. If you do not specify a sourceImage, the default disk size is 500 GB.
-              "diskType": "A String", # Specifies the disk type to use to create the instance. If not specified, the default is pd-standard, specified using the full URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/pd-standard For a full list of acceptable values, see Persistent disk types. If you define this field, you can provide either the full or partial URL. For example, the following are valid values: - https://www.googleapis.com/compute/v1/projects/project/zones/zone /diskTypes/diskType - projects/project/zones/zone/diskTypes/diskType - zones/zone/diskTypes/diskType Note that for InstanceTemplate, this is the name of the disk type, not URL.
-              "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable only for bootable images. Read Enabling guest operating system features to see a list of available options. Guest OS features are applied by merging initializeParams.guestOsFeatures and disks.guestOsFeatures
-                { # Guest OS features.
-                  "type": "A String", # The ID of a supported feature. Read Enabling guest operating system features to see a list of available options.
-                },
-              ],
-              "interface": "A String", # [Deprecated] Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.
-              "labels": { # Labels to apply to this disk. These can be later modified by the disks.setLabels method. This field is only applicable for persistent disks.
-                "a_key": "A String",
-              },
-              "licenseCodes": [ # Integer license codes indicating which licenses are attached to this disk.
-                "A String",
-              ],
-              "licenses": [ # A list of publicly visible licenses. Reserved for Google's use.
-                "A String",
-              ],
-              "multiWriter": True or False, # Indicates whether or not the disk can be read/write attached to more than one instance.
-              "onUpdateAction": "A String", # Specifies which action to take on instance update with this disk. Default is to use the existing disk.
-              "provisionedIops": "A String", # Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation.
-              "replicaZones": [ # URLs of the zones where the disk should be replicated to. Only applicable for regional resources.
-                "A String",
-              ],
-              "resourcePolicies": [ # Resource policies applied to this disk for automatic snapshot creations. Specified using the full or partial URL. For instance template, specify only the resource policy name.
-                "A String",
-              ],
-              "sourceImage": "A String", # The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-9 to use the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a custom image that you created, specify the image name in the following format: global/images/my-custom-image You can also specify a custom image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-image-family If the source image is deleted later, this field will not be set.
-              "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys.
-                "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-                "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-                "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-                "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-                "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-              },
-              "sourceSnapshot": "A String", # The source snapshot to create this disk. When creating a new instance, one of initializeParams.sourceSnapshot or initializeParams.sourceImage or disks.source is required except for local SSD. To create a disk with a snapshot that you created, specify the snapshot name in the following format: global/snapshots/my-backup If the source snapshot is deleted later, this field will not be set.
-              "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot.
-                "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
-                "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. For example: "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/
-                "rawKey": "A String", # Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
-                "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example: "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" The key must meet the following requirements before you can provide it to Compute Engine: 1. The key is wrapped using a RSA public key certificate provided by Google. 2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding. Gets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem
-                "sha256": "A String", # [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
-              },
-            },
-            "interface": "A String", # Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI. Local SSDs can use either NVME or SCSI. For performance characteristics of SCSI over NVMe, see Local SSD performance.
-            "kind": "compute#attachedDisk", # [Output Only] Type of the resource. Always compute#attachedDisk for attached disks.
-            "licenses": [ # [Output Only] Any valid publicly visible licenses.
-              "A String",
-            ],
-            "locked": True or False, # [Output Only] Whether to indicate the attached disk is locked. The locked disk is not allowed to be detached from the instance, or to be used as the source of the snapshot creation, and the image creation. The instance with at least one locked attached disk is not allow to be used as source of machine image creation, instant snapshot creation, and not allowed to be deleted with --keep-disk parameter set to true for locked disks.
-            "mode": "A String", # The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.
-            "savedState": "A String", # For LocalSSD disks on VM Instances in STOPPED or SUSPENDED state, this field is set to PRESERVED if the LocalSSD data has been saved to a persistent location by customer request. (see the discard_local_ssd option on Stop/Suspend). Read-only in the api.
-            "shieldedInstanceInitialState": { # Initial State for shielded instance, these are public keys which are safe to store in public # [Output Only] shielded vm initial state stored on disk
-              "dbs": [ # The Key Database (db).
-                {
-                  "content": "A String", # The raw content in the secure keys file.
-                  "fileType": "A String", # The file type of source file.
-                },
-              ],
-              "dbxs": [ # The forbidden key database (dbx).
-                {
-                  "content": "A String", # The raw content in the secure keys file.
-                  "fileType": "A String", # The file type of source file.
-                },
-              ],
-              "keks": [ # The Key Exchange Key (KEK).
-                {
-                  "content": "A String", # The raw content in the secure keys file.
-                  "fileType": "A String", # The file type of source file.
-                },
-              ],
-              "pk": { # The Platform Key (PK).
-                "content": "A String", # The raw content in the secure keys file.
-                "fileType": "A String", # The file type of source file.
-              },
-            },
-            "source": "A String", # Specifies a valid partial or full URL to an existing Persistent Disk resource. When creating a new instance, one of initializeParams.sourceImage or initializeParams.sourceSnapshot or disks.source is required except for local SSD. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks. Note that for InstanceTemplate, specify the disk name, not the URL for the disk.
-            "type": "A String", # Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.
-            "userLicenses": [ # [Output Only] A list of user provided licenses. It represents a list of URLs to the license resource. Unlike regular licenses, user provided licenses can be modified after the disk is created.
-              "A String",
-            ],
-          },
-        ],
-        "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
-          "enableDisplay": True or False, # Defines whether the instance has Display enabled.
-        },
-        "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
-          { # A specification of the type and number of accelerator cards attached to the instance.
-            "acceleratorCount": 42, # The number of the guest accelerator cards exposed to this instance.
-            "acceleratorType": "A String", # Full or partial URL of the accelerator type resource to attach to this instance. For example: projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100 If you are creating an instance template, specify only the accelerator name. See GPUs on Compute Engine for a full list of accelerator types.
-          },
-        ],
-        "labels": { # Labels to apply to instances that are created from these properties.
-          "a_key": "A String",
-        },
-        "machineType": "A String", # The machine type to use for instances that are created from these properties.
-        "metadata": { # A metadata key/value entry. # The metadata key/value pairs to assign to instances that are created from these properties. These pairs can consist of custom metadata or predefined keys. See Project and instance metadata for more information.
-          "fingerprint": "A String", # Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the resource.
-          "items": [ # Array of key/value pairs. The total size of all keys and values must be less than 512 KB.
-            { # Metadata
-              "key": "A String", # Key for the metadata entry. Keys must conform to the following regexp: [a-zA-Z0-9-_]+, and be less than 128 bytes in length. This is reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project.
-              "value": "A String", # Value for the metadata entry. These are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on values is that their size must be less than or equal to 262144 bytes (256 KiB).
-            },
-          ],
-          "kind": "compute#metadata", # [Output Only] Type of the resource. Always compute#metadata for metadata.
-        },
-        "minCpuPlatform": "A String", # Minimum cpu/platform to be used by instances. The instance may be scheduled on the specified or newer cpu/platform. Applicable values are the friendly names of CPU platforms, such as minCpuPlatform: "Intel Haswell" or minCpuPlatform: "Intel Sandy Bridge". For more information, read Specifying a Minimum CPU Platform.
-        "networkInterfaces": [ # An array of network access configurations for this interface.
-          { # A network interface resource attached to an instance.
-            "accessConfigs": [ # An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.
-              { # An access configuration attached to an instance's network interface. Only one access config per instance is supported.
-                "externalIpv6": "A String", # [Output Only] The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.
-                "externalIpv6PrefixLength": 42, # [Output Only] The prefix length of the external IPv6 range.
-                "kind": "compute#accessConfig", # [Output Only] Type of the resource. Always compute#accessConfig for access configs.
-                "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
-                "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
-                "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-                "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-                "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
-                "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
-              },
-            ],
-            "aliasIpRanges": [ # An array of alias IP ranges for this network interface. You can only specify this field for network interfaces in VPC networks.
-              { # An alias IP range attached to an instance's network interface.
-                "ipCidrRange": "A String", # The IP alias ranges to allocate for this interface. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (such as 10.2.3.4), a netmask (such as /24) or a CIDR-formatted string (such as 10.1.2.0/24).
-                "subnetworkRangeName": "A String", # The name of a subnetwork secondary IP range from which to allocate an IP alias range. If not specified, the primary range of the subnetwork is used.
-              },
-            ],
-            "fingerprint": "A String", # Fingerprint hash of contents stored in this network interface. This field will be ignored when inserting an Instance or adding a NetworkInterface. An up-to-date fingerprint must be provided in order to update the NetworkInterface. The request will fail with error 400 Bad Request if the fingerprint is not provided, or 412 Precondition Failed if the fingerprint is out of date.
-            "internalIpv6PrefixLength": 42, # [Output Only] The prefix length of the primary internal IPv6 range.
-            "ipv6AccessConfigs": [ # An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.
-              { # An access configuration attached to an instance's network interface. Only one access config per instance is supported.
-                "externalIpv6": "A String", # [Output Only] The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.
-                "externalIpv6PrefixLength": 42, # [Output Only] The prefix length of the external IPv6 range.
-                "kind": "compute#accessConfig", # [Output Only] Type of the resource. Always compute#accessConfig for access configs.
-                "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
-                "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
-                "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-                "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-                "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
-                "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
-              },
-            ],
-            "ipv6AccessType": "A String", # [Output Only] One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. Valid only if stackType is IPV4_IPV6.
-            "ipv6Address": "A String", # [Output Only] An IPv6 internal network address for this network interface.
-            "kind": "compute#networkInterface", # [Output Only] Type of the resource. Always compute#networkInterface for network interfaces.
-            "name": "A String", # [Output Only] The name of the network interface, which is generated by the server. For network devices, these are eth0, eth1, etc.
-            "network": "A String", # URL of the network resource for this instance. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. If you specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/global/networks/ network - projects/project/global/networks/network - global/networks/default
-            "networkIP": "A String", # An IPv4 internal IP address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.
-            "nicType": "A String", # The type of vNIC to be used on this interface. This may be gVNIC or VirtioNet.
-            "queueCount": 42, # The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It'll be empty if not specified by the users.
-            "stackType": "A String", # The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used. This field can be both set at instance creation and update network interface operations.
-            "subinterfaces": [ # SubInterfaces help enable L2 communication for the instance over subnetworks that support L2. Every network interface will get a default untagged (vlan not specified) subinterface. Users can specify additional tagged subinterfaces which are sub-fields to the Network Interface.
-              {
-                "ipAddress": "A String", # An IPv4 internal IP address to assign to the instance for this subinterface. If specified, ip_allocation_mode should be set to ALLOCATE_IP.
-                "ipAllocationMode": "A String",
-                "subnetwork": "A String", # If specified, this subnetwork must belong to the same network as that of the network interface. If not specified the subnet of network interface will be used. If you specify this property, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
-                "vlan": 42, # VLAN tag. Should match the VLAN(s) supported by the subnetwork to which this subinterface is connecting.
-              },
-            ],
-            "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
-          },
-        ],
-        "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
-          "externalIpEgressBandwidthTier": "A String",
-          "totalEgressBandwidthTier": "A String",
-        },
-        "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-        "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-        "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
-          "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
-          "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
-          "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
-            "A String",
-          ],
-        },
-        "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
-          "A String",
-        ],
-        "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
-          "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.
-          "availabilityDomain": 42, # Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.
-          "currentCpus": 42, # Current number of vCPUs available for VM. 0 or unset means default vCPUs of the current machine type.
-          "currentMemoryMb": "A String", # Current amount of memory (in MB) available for VM. 0 or unset means default amount of memory of the current machine type.
-          "hostErrorTimeoutSeconds": 42, # Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.
-          "instanceTerminationAction": "A String", # Specifies the termination action for the instance.
-          "latencyTolerant": True or False, # Defines whether the instance is tolerant of higher cpu latency. This can only be set during instance creation, or when the instance is not currently running. It must not be set if the preemptible option is also set.
-          "locationHint": "A String", # An opaque location hint used to place the instance close to other resources. This field is for use by internal tools that use the public API.
-          "maintenanceFreezeDurationHours": 42, # Specifies the number of hours after VM instance creation where the VM won't be scheduled for maintenance.
-          "maintenanceInterval": "A String", # For more information about maintenance intervals, see Setting maintenance intervals.
-          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node.
-          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations. Refer to Configuring node affinity for more information. Overrides reservationAffinity.
-            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled.
-              "key": "A String", # Corresponds to the label key of Node resource.
-              "operator": "A String", # Defines the operation of node selection. Valid operators are IN for affinity and NOT_IN for anti-affinity.
-              "values": [ # Corresponds to the label values of Node resource.
-                "A String",
-              ],
-            },
-          ],
-          "onHostMaintenance": "A String", # Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options.
-          "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
-          "provisioningModel": "A String", # Specifies the provisioning model of the instance.
-        },
-        "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
-          "A String",
-        ],
-        "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
-          { # A service account.
-            "email": "A String", # Email address of the service account.
-            "scopes": [ # The list of scopes to be made available for this service account.
-              "A String",
-            ],
-          },
-        ],
-        "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
-          "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
-          "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
-          "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
-        },
-        "shieldedVmConfig": { # A set of Shielded VM options. # Specifies the Shielded VM options for the instances that are created from these properties.
-          "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled.
-          "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled.
-          "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled.
-        },
-        "tags": { # A set of instance tags. # A list of tags to apply to the instances that are created from these properties. The tags identify valid sources or targets for network firewalls. The setTags method can modify this list of tags. Each tag within the list must comply with RFC1035.
-          "fingerprint": "A String", # Specifies a fingerprint for this request, which is essentially a hash of the tags' contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update tags. You must always provide an up-to-date fingerprint hash in order to update or change tags. To see the latest fingerprint, make get() request to the instance.
-          "items": [ # An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035.
-            "A String",
-          ],
-        },
-      },
       "kind": "compute#machineImage", # [Output Only] The resource type, which is always compute#machineImage for machine image.
       "machineImageEncryptionKey": { # Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image using a customer-supplied key, you must provide the same key if you use the machine image later. For example, you must provide the encryption key when you create an instance from the encrypted machine image in a future request. Customer-supplied encryption keys do not protect access to metadata of the machine image. If you do not provide an encryption key when creating the machine image, then the machine image will be encrypted using an automatically generated key and you do not need to provide a key to use the machine image later.
         "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. For example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ key_region/cryptoKeys/key
@@ -1620,14 +785,6 @@ 
Method Details

       },
       "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
       "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
-      "savedDisks": [ # An array of Machine Image specific properties for disks attached to the source instance
-        { # An instance-attached disk resource.
-          "kind": "compute#savedDisk", # [Output Only] Type of the resource. Always compute#savedDisk for attached disks.
-          "sourceDisk": "A String", # Specifies a URL of the disk attached to the source instance.
-          "storageBytes": "A String", # [Output Only] Size of the individual disk snapshot used by this machine image.
-          "storageBytesStatus": "A String", # [Output Only] An indicator whether storageBytes is in a stable state or it is being adjusted as a result of shared storage reallocation. This status can either be UPDATING, meaning the size of the snapshot is being updated, or UP_TO_DATE, meaning the size of the snapshot is up-to-date.
-        },
-      ],
       "selfLink": "A String", # [Output Only] The URL for this machine image. The server defines this URL.
       "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id.
       "sourceDiskEncryptionKeys": [ # [Input Only] The customer-supplied encryption key of the disks attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key.
@@ -1711,9 +868,9 @@ 
Method Details

                 "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                 "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
                 "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
                 "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                 "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
               },
             ],
@@ -1734,9 +891,9 @@ 
Method Details

                 "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                 "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
                 "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
                 "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                 "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
               },
             ],
@@ -1760,7 +917,7 @@ 
Method Details

             "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
           },
         ],
-        "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
+        "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. (will be deprecated soon)
         "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from this machine image.
           "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine.
           "availabilityDomain": 42, # Specifies the availability domain (AD), which this instance should be scheduled on. The AD belongs to the spread GroupPlacementPolicy resource policy that has been assigned to the instance. Specify a value between 1-max count of availability domains in your GroupPlacementPolicy. See go/placement-policy-extension for more details.
diff --git a/docs/dyn/compute_alpha.networkEdgeSecurityServices.html b/docs/dyn/compute_alpha.networkEdgeSecurityServices.html
index 39d81dacc8b..fcf0d0f19bb 100644
--- a/docs/dyn/compute_alpha.networkEdgeSecurityServices.html
+++ b/docs/dyn/compute_alpha.networkEdgeSecurityServices.html
@@ -221,9 +221,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -335,9 +332,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -421,9 +415,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.networkEndpointGroups.html b/docs/dyn/compute_alpha.networkEndpointGroups.html
index 5c538775d37..290e08343e3 100644
--- a/docs/dyn/compute_alpha.networkEndpointGroups.html
+++ b/docs/dyn/compute_alpha.networkEndpointGroups.html
@@ -285,9 +285,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -358,9 +355,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -443,9 +437,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -626,9 +617,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.networkFirewallPolicies.html b/docs/dyn/compute_alpha.networkFirewallPolicies.html
index 9de2e6d6e91..cc047a1e0a6 100644
--- a/docs/dyn/compute_alpha.networkFirewallPolicies.html
+++ b/docs/dyn/compute_alpha.networkFirewallPolicies.html
@@ -176,9 +176,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -299,9 +296,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -367,9 +361,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -439,9 +430,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -875,9 +863,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1150,9 +1135,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1272,9 +1254,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1340,9 +1319,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1408,9 +1384,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.networks.html b/docs/dyn/compute_alpha.networks.html
index c6eeee35f6e..dee937c12ff 100644
--- a/docs/dyn/compute_alpha.networks.html
+++ b/docs/dyn/compute_alpha.networks.html
@@ -192,9 +192,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -264,9 +261,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -460,7 +454,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -647,9 +641,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1044,9 +1035,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1118,9 +1106,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1185,9 +1170,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1303,9 +1285,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.nodeGroups.html b/docs/dyn/compute_alpha.nodeGroups.html
index ecbf17ecf23..49ec3a19fcb 100644
--- a/docs/dyn/compute_alpha.nodeGroups.html
+++ b/docs/dyn/compute_alpha.nodeGroups.html
@@ -169,9 +169,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -358,9 +355,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -435,9 +429,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -720,9 +711,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1018,9 +1006,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1305,9 +1290,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.nodeTemplates.html b/docs/dyn/compute_alpha.nodeTemplates.html
index c81656fbd81..b7dcf258a2c 100644
--- a/docs/dyn/compute_alpha.nodeTemplates.html
+++ b/docs/dyn/compute_alpha.nodeTemplates.html
@@ -258,9 +258,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -528,9 +525,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.organizationSecurityPolicies.html b/docs/dyn/compute_alpha.organizationSecurityPolicies.html
index cde64ffa618..c097aa56c7a 100644
--- a/docs/dyn/compute_alpha.organizationSecurityPolicies.html
+++ b/docs/dyn/compute_alpha.organizationSecurityPolicies.html
@@ -171,9 +171,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -319,9 +316,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -391,9 +385,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -457,9 +448,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -907,9 +895,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1180,9 +1165,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1373,9 +1355,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1522,9 +1501,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1589,9 +1565,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1656,9 +1629,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.packetMirrorings.html b/docs/dyn/compute_alpha.packetMirrorings.html
index 6631c814c23..b5dbde72232 100644
--- a/docs/dyn/compute_alpha.packetMirrorings.html
+++ b/docs/dyn/compute_alpha.packetMirrorings.html
@@ -263,9 +263,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -444,9 +441,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -662,9 +656,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.projects.html b/docs/dyn/compute_alpha.projects.html
index 7df77edd41a..32805bc059e 100644
--- a/docs/dyn/compute_alpha.projects.html
+++ b/docs/dyn/compute_alpha.projects.html
@@ -165,9 +165,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -241,9 +238,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -307,9 +301,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -383,9 +374,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -703,9 +691,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -777,9 +762,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -857,9 +839,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -930,9 +909,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1003,9 +979,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1077,9 +1050,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.publicAdvertisedPrefixes.html b/docs/dyn/compute_alpha.publicAdvertisedPrefixes.html
index 6253b710501..8041a2b3144 100644
--- a/docs/dyn/compute_alpha.publicAdvertisedPrefixes.html
+++ b/docs/dyn/compute_alpha.publicAdvertisedPrefixes.html
@@ -136,9 +136,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -269,9 +266,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -439,9 +433,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.publicDelegatedPrefixes.html b/docs/dyn/compute_alpha.publicDelegatedPrefixes.html
index c6acc25b3d4..c6bb910273c 100644
--- a/docs/dyn/compute_alpha.publicDelegatedPrefixes.html
+++ b/docs/dyn/compute_alpha.publicDelegatedPrefixes.html
@@ -240,9 +240,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -381,9 +378,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -559,9 +553,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionAutoscalers.html b/docs/dyn/compute_alpha.regionAutoscalers.html
index 076a5ef27cc..8fa816deb60 100644
--- a/docs/dyn/compute_alpha.regionAutoscalers.html
+++ b/docs/dyn/compute_alpha.regionAutoscalers.html
@@ -143,9 +143,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -382,9 +379,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -658,9 +652,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -837,9 +828,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionBackendServices.html b/docs/dyn/compute_alpha.regionBackendServices.html
index aeb7bce018a..d37dd24f179 100644
--- a/docs/dyn/compute_alpha.regionBackendServices.html
+++ b/docs/dyn/compute_alpha.regionBackendServices.html
@@ -152,9 +152,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -242,7 +239,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -799,7 +796,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1180,9 +1177,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1277,7 +1271,7 @@ 
Method Details

           ],
         },
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1713,7 +1707,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -2094,9 +2088,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2423,7 +2414,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -2804,9 +2795,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionCommitments.html b/docs/dyn/compute_alpha.regionCommitments.html
index d67050f93f4..e28039092a2 100644
--- a/docs/dyn/compute_alpha.regionCommitments.html
+++ b/docs/dyn/compute_alpha.regionCommitments.html
@@ -493,9 +493,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -823,9 +820,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -952,9 +946,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionDisks.html b/docs/dyn/compute_alpha.regionDisks.html
index 57ebbdd99de..201b2fbf947 100644
--- a/docs/dyn/compute_alpha.regionDisks.html
+++ b/docs/dyn/compute_alpha.regionDisks.html
@@ -165,9 +165,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -301,9 +298,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -369,9 +363,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -730,9 +721,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -944,9 +932,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1019,9 +1004,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1309,9 +1291,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1498,9 +1477,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionHealthCheckServices.html b/docs/dyn/compute_alpha.regionHealthCheckServices.html
index 7592d2860cb..2a5b650c6e5 100644
--- a/docs/dyn/compute_alpha.regionHealthCheckServices.html
+++ b/docs/dyn/compute_alpha.regionHealthCheckServices.html
@@ -239,9 +239,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -372,9 +369,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -542,9 +536,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionHealthChecks.html b/docs/dyn/compute_alpha.regionHealthChecks.html
index 150d78f64e2..0fd77ac6863 100644
--- a/docs/dyn/compute_alpha.regionHealthChecks.html
+++ b/docs/dyn/compute_alpha.regionHealthChecks.html
@@ -143,9 +143,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -384,9 +381,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -662,9 +656,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -842,9 +833,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionInstanceGroupManagers.html b/docs/dyn/compute_alpha.regionInstanceGroupManagers.html
index a4104bf574a..c2e5299ce26 100644
--- a/docs/dyn/compute_alpha.regionInstanceGroupManagers.html
+++ b/docs/dyn/compute_alpha.regionInstanceGroupManagers.html
@@ -216,9 +216,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -296,9 +293,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -412,9 +406,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -480,9 +471,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -559,9 +547,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -635,9 +620,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1022,9 +1004,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1726,9 +1705,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1837,9 +1813,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1914,9 +1887,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1983,9 +1953,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2059,9 +2026,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2136,9 +2100,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2222,9 +2183,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2297,9 +2255,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2375,9 +2330,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2452,9 +2404,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2530,9 +2479,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2608,9 +2554,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2861,9 +2804,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2972,9 +2912,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionInstanceGroups.html b/docs/dyn/compute_alpha.regionInstanceGroups.html
index 6517d7518ad..36b9c22b5ae 100644
--- a/docs/dyn/compute_alpha.regionInstanceGroups.html
+++ b/docs/dyn/compute_alpha.regionInstanceGroups.html
@@ -340,9 +340,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionInstances.html b/docs/dyn/compute_alpha.regionInstances.html
index 4851ab75615..69ce2c3e186 100644
--- a/docs/dyn/compute_alpha.regionInstances.html
+++ b/docs/dyn/compute_alpha.regionInstances.html
@@ -266,9 +266,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -289,9 +289,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -424,7 +424,7 @@ 
Method Details

     "zone": "A String", # [Output Only] URL of the zone where the instance resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
   },
   "instanceProperties": { # The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "enableUefiNetworking": True or False, # Whether to enable UEFI networking for instance creation.
       "numaNodeCount": 42, # The number of vNUMA nodes.
@@ -432,7 +432,7 @@ 
Method Details

       "visibleCoreCount": 42, # The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance's nominal CPU count and the underlying platform's SMT width.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -541,7 +541,7 @@ 
Method Details

         ],
       },
     ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
+    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer
       "enableDisplay": True or False, # Defines whether the instance has Display enabled.
     },
     "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
@@ -576,9 +576,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -599,9 +599,9 @@ 
Method Details

             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
             "publicDnsName": "A String", # [Output Only] The public DNS domain name for the instance.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
             "setPublicDns": True or False, # Specifies whether a public DNS 'A' record should be created for the external IP address of this access configuration.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -625,20 +625,20 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
+    "networkPerformanceConfig": {
       "externalIpEgressBandwidthTier": "A String",
       "totalEgressBandwidthTier": "A String",
     },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon)
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -666,7 +666,7 @@ 
Method Details

       "preemptible": True or False, # Defines whether the instance is preemptible. This can only be set during instance creation or while the instance is stopped and therefore, in a `TERMINATED` state. See Instance Life Cycle for more information on the possible instance states.
       "provisioningModel": "A String", # Specifies the provisioning model of the instance.
     },
-    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50. Note that for MachineImage, this is not supported yet.
+    "secureTags": [ # [Input Only] Secure tags to apply to this instance. Maximum number of secure tags allowed is 50.
       "A String",
     ],
     "serviceAccounts": [ # A list of service accounts with specified scopes. Access tokens for these service accounts are available to the instances that are created from these properties. Use metadata queries to obtain the access tokens for these instances.
@@ -677,7 +677,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -740,9 +740,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionInstantSnapshots.html b/docs/dyn/compute_alpha.regionInstantSnapshots.html
index 9d91752748d..a4f176d5abf 100644
--- a/docs/dyn/compute_alpha.regionInstantSnapshots.html
+++ b/docs/dyn/compute_alpha.regionInstantSnapshots.html
@@ -149,9 +149,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -236,9 +233,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -472,9 +466,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -837,9 +828,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionNetworkEndpointGroups.html b/docs/dyn/compute_alpha.regionNetworkEndpointGroups.html
index 2e6617af760..39751af01c5 100644
--- a/docs/dyn/compute_alpha.regionNetworkEndpointGroups.html
+++ b/docs/dyn/compute_alpha.regionNetworkEndpointGroups.html
@@ -134,9 +134,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -317,9 +314,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionNetworkFirewallPolicies.html b/docs/dyn/compute_alpha.regionNetworkFirewallPolicies.html
index 457937edddb..5f431ce1fee 100644
--- a/docs/dyn/compute_alpha.regionNetworkFirewallPolicies.html
+++ b/docs/dyn/compute_alpha.regionNetworkFirewallPolicies.html
@@ -180,9 +180,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -304,9 +301,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -373,9 +367,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -446,9 +437,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -706,7 +694,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -1020,9 +1008,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1297,9 +1282,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1420,9 +1402,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1489,9 +1468,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1558,9 +1534,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionNotificationEndpoints.html b/docs/dyn/compute_alpha.regionNotificationEndpoints.html
index 654a50ed835..240193d1cc5 100644
--- a/docs/dyn/compute_alpha.regionNotificationEndpoints.html
+++ b/docs/dyn/compute_alpha.regionNotificationEndpoints.html
@@ -233,9 +233,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -360,9 +357,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionOperations.html b/docs/dyn/compute_alpha.regionOperations.html
index 0fdeaadc334..a23ffc82fad 100644
--- a/docs/dyn/compute_alpha.regionOperations.html
+++ b/docs/dyn/compute_alpha.regionOperations.html
@@ -148,9 +148,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -222,9 +219,6 @@ 
Method Details

       "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
       "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
       "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-      "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-        "a_key": "", # Properties of the object. Contains field @type with type URL.
-      },
       "name": "A String", # [Output Only] Name of the operation.
       "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
       "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -318,9 +312,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionSecurityPolicies.html b/docs/dyn/compute_alpha.regionSecurityPolicies.html
index ae10ae816d8..b0a274b6723 100644
--- a/docs/dyn/compute_alpha.regionSecurityPolicies.html
+++ b/docs/dyn/compute_alpha.regionSecurityPolicies.html
@@ -137,9 +137,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -473,9 +470,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -848,9 +842,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionSslCertificates.html b/docs/dyn/compute_alpha.regionSslCertificates.html
index 7d36529975d..dafbe827ee8 100644
--- a/docs/dyn/compute_alpha.regionSslCertificates.html
+++ b/docs/dyn/compute_alpha.regionSslCertificates.html
@@ -137,9 +137,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -286,9 +283,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionTargetHttpProxies.html b/docs/dyn/compute_alpha.regionTargetHttpProxies.html
index f7a163fa1a4..1c9cdf2c666 100644
--- a/docs/dyn/compute_alpha.regionTargetHttpProxies.html
+++ b/docs/dyn/compute_alpha.regionTargetHttpProxies.html
@@ -140,9 +140,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -261,9 +258,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -406,9 +400,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionTargetHttpsProxies.html b/docs/dyn/compute_alpha.regionTargetHttpsProxies.html
index 14a4892f79f..de4d2ff5a1c 100644
--- a/docs/dyn/compute_alpha.regionTargetHttpsProxies.html
+++ b/docs/dyn/compute_alpha.regionTargetHttpsProxies.html
@@ -143,9 +143,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -284,9 +281,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -441,9 +435,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -516,9 +507,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.regionUrlMaps.html b/docs/dyn/compute_alpha.regionUrlMaps.html
index 599629d9c3a..21633f97d05 100644
--- a/docs/dyn/compute_alpha.regionUrlMaps.html
+++ b/docs/dyn/compute_alpha.regionUrlMaps.html
@@ -149,9 +149,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1370,9 +1367,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1446,9 +1440,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2704,9 +2695,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3374,9 +3362,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.reservations.html b/docs/dyn/compute_alpha.reservations.html
index 9278ab38c36..23de53c1924 100644
--- a/docs/dyn/compute_alpha.reservations.html
+++ b/docs/dyn/compute_alpha.reservations.html
@@ -279,9 +279,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -579,9 +576,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -761,9 +755,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1132,9 +1123,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.resourcePolicies.html b/docs/dyn/compute_alpha.resourcePolicies.html
index d91e6ea311b..ca16aa569dc 100644
--- a/docs/dyn/compute_alpha.resourcePolicies.html
+++ b/docs/dyn/compute_alpha.resourcePolicies.html
@@ -307,9 +307,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -673,9 +670,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.routers.html b/docs/dyn/compute_alpha.routers.html
index 5cad9b4a83f..a7c5a45f6f6 100644
--- a/docs/dyn/compute_alpha.routers.html
+++ b/docs/dyn/compute_alpha.routers.html
@@ -357,9 +357,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1080,9 +1077,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1456,9 +1450,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1959,9 +1950,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.routes.html b/docs/dyn/compute_alpha.routes.html
index 5f442cb043f..1c056f3fa21 100644
--- a/docs/dyn/compute_alpha.routes.html
+++ b/docs/dyn/compute_alpha.routes.html
@@ -136,9 +136,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -315,9 +312,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.securityPolicies.html b/docs/dyn/compute_alpha.securityPolicies.html
index 7eb1e84c4d8..29af9ff64eb 100644
--- a/docs/dyn/compute_alpha.securityPolicies.html
+++ b/docs/dyn/compute_alpha.securityPolicies.html
@@ -240,9 +240,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -507,9 +504,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -937,9 +931,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1350,9 +1341,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1500,9 +1488,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1567,9 +1552,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1643,9 +1625,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.serviceAttachments.html b/docs/dyn/compute_alpha.serviceAttachments.html
index bf512291104..ba1e3743402 100644
--- a/docs/dyn/compute_alpha.serviceAttachments.html
+++ b/docs/dyn/compute_alpha.serviceAttachments.html
@@ -260,9 +260,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -528,9 +525,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -728,9 +722,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.snapshots.html b/docs/dyn/compute_alpha.snapshots.html
index 7b8eef608d4..7473b7da180 100644
--- a/docs/dyn/compute_alpha.snapshots.html
+++ b/docs/dyn/compute_alpha.snapshots.html
@@ -145,9 +145,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -452,9 +449,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -850,9 +844,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.sslCertificates.html b/docs/dyn/compute_alpha.sslCertificates.html
index c6aa88674db..4f2bd7eb2c5 100644
--- a/docs/dyn/compute_alpha.sslCertificates.html
+++ b/docs/dyn/compute_alpha.sslCertificates.html
@@ -243,9 +243,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -390,9 +387,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.sslPolicies.html b/docs/dyn/compute_alpha.sslPolicies.html
index 6cb467b861e..3d0e09dbc67 100644
--- a/docs/dyn/compute_alpha.sslPolicies.html
+++ b/docs/dyn/compute_alpha.sslPolicies.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -403,9 +400,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -727,9 +721,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.subnetworks.html b/docs/dyn/compute_alpha.subnetworks.html
index 663df55ccf8..c746eef9bf1 100644
--- a/docs/dyn/compute_alpha.subnetworks.html
+++ b/docs/dyn/compute_alpha.subnetworks.html
@@ -289,9 +289,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -364,9 +361,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -666,9 +660,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -966,9 +957,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -1253,9 +1241,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetGrpcProxies.html b/docs/dyn/compute_alpha.targetGrpcProxies.html
index 35e3acba13a..f8905cc1d0e 100644
--- a/docs/dyn/compute_alpha.targetGrpcProxies.html
+++ b/docs/dyn/compute_alpha.targetGrpcProxies.html
@@ -139,9 +139,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -250,9 +247,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -398,9 +392,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetHttpProxies.html b/docs/dyn/compute_alpha.targetHttpProxies.html
index 99023c1d541..9ad6fdf0718 100644
--- a/docs/dyn/compute_alpha.targetHttpProxies.html
+++ b/docs/dyn/compute_alpha.targetHttpProxies.html
@@ -235,9 +235,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -354,9 +351,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -510,9 +504,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -584,9 +575,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetHttpsProxies.html b/docs/dyn/compute_alpha.targetHttpsProxies.html
index a3be8d63a47..37545ea663a 100644
--- a/docs/dyn/compute_alpha.targetHttpsProxies.html
+++ b/docs/dyn/compute_alpha.targetHttpsProxies.html
@@ -257,9 +257,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -396,9 +393,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -572,9 +566,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -646,9 +637,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -720,9 +708,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -796,9 +781,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -870,9 +852,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -944,9 +923,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetInstances.html b/docs/dyn/compute_alpha.targetInstances.html
index a08c06f4d1c..2a015a82d61 100644
--- a/docs/dyn/compute_alpha.targetInstances.html
+++ b/docs/dyn/compute_alpha.targetInstances.html
@@ -227,9 +227,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -342,9 +339,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetPools.html b/docs/dyn/compute_alpha.targetPools.html
index 9c60ef084e9..83060f7f3c6 100644
--- a/docs/dyn/compute_alpha.targetPools.html
+++ b/docs/dyn/compute_alpha.targetPools.html
@@ -167,9 +167,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -246,9 +243,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -409,9 +403,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -579,9 +570,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -731,9 +719,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -810,9 +795,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -886,9 +868,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetSslProxies.html b/docs/dyn/compute_alpha.targetSslProxies.html
index 0582db937c1..550dba9ac46 100644
--- a/docs/dyn/compute_alpha.targetSslProxies.html
+++ b/docs/dyn/compute_alpha.targetSslProxies.html
@@ -151,9 +151,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -268,9 +265,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -410,9 +404,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -484,9 +475,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -558,9 +546,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -634,9 +619,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -708,9 +690,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetTcpProxies.html b/docs/dyn/compute_alpha.targetTcpProxies.html
index 9bfa4e7ab43..2fc39b9c196 100644
--- a/docs/dyn/compute_alpha.targetTcpProxies.html
+++ b/docs/dyn/compute_alpha.targetTcpProxies.html
@@ -142,9 +142,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -251,9 +248,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -389,9 +383,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -463,9 +454,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.targetVpnGateways.html b/docs/dyn/compute_alpha.targetVpnGateways.html
index ddc88dd04ba..3029a65c861 100644
--- a/docs/dyn/compute_alpha.targetVpnGateways.html
+++ b/docs/dyn/compute_alpha.targetVpnGateways.html
@@ -238,9 +238,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -369,9 +366,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -522,9 +516,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.urlMaps.html b/docs/dyn/compute_alpha.urlMaps.html
index 39d35aa8ffd..05f1fdbf856 100644
--- a/docs/dyn/compute_alpha.urlMaps.html
+++ b/docs/dyn/compute_alpha.urlMaps.html
@@ -791,9 +791,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2010,9 +2007,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -2085,9 +2079,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -3341,9 +3332,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -4009,9 +3997,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.vpnGateways.html b/docs/dyn/compute_alpha.vpnGateways.html
index f3655f64b2a..ad3b144458e 100644
--- a/docs/dyn/compute_alpha.vpnGateways.html
+++ b/docs/dyn/compute_alpha.vpnGateways.html
@@ -242,9 +242,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -414,9 +411,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -568,9 +562,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.vpnTunnels.html b/docs/dyn/compute_alpha.vpnTunnels.html
index 3bbaf7de391..6a354ccdf1b 100644
--- a/docs/dyn/compute_alpha.vpnTunnels.html
+++ b/docs/dyn/compute_alpha.vpnTunnels.html
@@ -249,9 +249,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -402,9 +399,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -566,9 +560,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_alpha.zoneOperations.html b/docs/dyn/compute_alpha.zoneOperations.html
index 883b9e4faa6..05cc6ba9783 100644
--- a/docs/dyn/compute_alpha.zoneOperations.html
+++ b/docs/dyn/compute_alpha.zoneOperations.html
@@ -148,9 +148,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -222,9 +219,6 @@ 
Method Details

       "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
       "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
       "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-      "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-        "a_key": "", # Properties of the object. Contains field @type with type URL.
-      },
       "name": "A String", # [Output Only] Name of the operation.
       "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
       "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
@@ -318,9 +312,6 @@ 
Method Details

   "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
   "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
   "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "metadata": { # [Output Only] Service-specific metadata attached to this operation.
-    "a_key": "", # Properties of the object. Contains field @type with type URL.
-  },
   "name": "A String", # [Output Only] Name of the operation.
   "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
   "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
diff --git a/docs/dyn/compute_beta.backendBuckets.html b/docs/dyn/compute_beta.backendBuckets.html
index 17236504e95..bb863d4ce6d 100644
--- a/docs/dyn/compute_beta.backendBuckets.html
+++ b/docs/dyn/compute_beta.backendBuckets.html
@@ -352,7 +352,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -514,7 +514,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -640,7 +640,7 @@ 
Method Details

           ],
         },
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -728,7 +728,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1154,7 +1154,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
diff --git a/docs/dyn/compute_beta.backendServices.html b/docs/dyn/compute_beta.backendServices.html
index f71093906c4..56030e0be34 100644
--- a/docs/dyn/compute_beta.backendServices.html
+++ b/docs/dyn/compute_beta.backendServices.html
@@ -267,7 +267,7 @@ 
Method Details

               ],
             },
             "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-            "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+            "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
             "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
             "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
             "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -391,7 +391,6 @@ 
Method Details

           "sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.
           "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director.
             "policy": "A String",
-            "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled.
           },
           "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration.
         },
@@ -630,7 +629,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -754,7 +753,6 @@ 
Method Details

   "sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.
   "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director.
     "policy": "A String",
-    "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled.
   },
   "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration.
 }
@@ -960,7 +958,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -1084,7 +1082,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } @@ -1209,7 +1206,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -1333,7 +1330,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. }, @@ -1420,7 +1416,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -1544,7 +1540,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } @@ -2039,7 +2034,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -2163,7 +2158,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } diff --git a/docs/dyn/compute_beta.firewalls.html b/docs/dyn/compute_beta.firewalls.html index 3f32bd6bc27..e0695547b30 100644 --- a/docs/dyn/compute_beta.firewalls.html +++ b/docs/dyn/compute_beta.firewalls.html @@ -216,7 +216,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. @@ -278,7 +278,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. @@ -408,7 +408,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. @@ -500,7 +500,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. @@ -649,7 +649,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. diff --git a/docs/dyn/compute_beta.instanceTemplates.html b/docs/dyn/compute_beta.instanceTemplates.html index 51f3c45eb08..22f32302e9a 100644 --- a/docs/dyn/compute_beta.instanceTemplates.html +++ b/docs/dyn/compute_beta.instanceTemplates.html @@ -192,12 +192,12 @@

Method Details

"kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates. "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. "properties": { # The instance properties for this instance template. - "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet. + "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false). "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. }, "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information. - "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet. + "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled. }, "description": "A String", # An optional text description for the instances that are created from these properties. @@ -294,7 +294,7 @@

Method Details

], }, ], - "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet. + "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer "enableDisplay": True or False, # Defines whether the instance has Display enabled. }, "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties. @@ -328,8 +328,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -348,8 +348,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -365,19 +365,19 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet. + "networkPerformanceConfig": { "totalEgressBandwidthTier": "A String", }, - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. - "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet. - "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon) + "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. + "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples. "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value. "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project. "A String", ], }, - "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet. + "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. "A String", ], "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties. @@ -409,7 +409,7 @@

Method Details

], }, ], - "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet. + "shieldedInstanceConfig": { # A set of Shielded Instance options. "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default. "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default. "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default. @@ -561,12 +561,12 @@

Method Details

"kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates. "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. "properties": { # The instance properties for this instance template. - "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet. + "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false). "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. }, "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information. - "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet. + "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled. }, "description": "A String", # An optional text description for the instances that are created from these properties. @@ -663,7 +663,7 @@

Method Details

], }, ], - "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet. + "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer "enableDisplay": True or False, # Defines whether the instance has Display enabled. }, "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties. @@ -697,8 +697,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -717,8 +717,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -734,19 +734,19 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet. + "networkPerformanceConfig": { "totalEgressBandwidthTier": "A String", }, - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. - "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet. - "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon) + "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. + "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples. "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value. "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project. "A String", ], }, - "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet. + "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. "A String", ], "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties. @@ -778,7 +778,7 @@

Method Details

], }, ], - "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet. + "shieldedInstanceConfig": { # A set of Shielded Instance options. "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default. "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default. "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default. @@ -894,12 +894,12 @@

Method Details

"kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates. "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. "properties": { # The instance properties for this instance template. - "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet. + "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false). "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. }, "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information. - "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet. + "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled. }, "description": "A String", # An optional text description for the instances that are created from these properties. @@ -996,7 +996,7 @@

Method Details

], }, ], - "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet. + "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer "enableDisplay": True or False, # Defines whether the instance has Display enabled. }, "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties. @@ -1030,8 +1030,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -1050,8 +1050,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -1067,19 +1067,19 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet. + "networkPerformanceConfig": { "totalEgressBandwidthTier": "A String", }, - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. - "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet. - "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon) + "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. + "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples. "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value. "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project. "A String", ], }, - "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet. + "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. "A String", ], "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties. @@ -1111,7 +1111,7 @@

Method Details

], }, ], - "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet. + "shieldedInstanceConfig": { # A set of Shielded Instance options. "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default. "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default. "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default. diff --git a/docs/dyn/compute_beta.instances.html b/docs/dyn/compute_beta.instances.html index 814929a8d6c..444595cde80 100644 --- a/docs/dyn/compute_beta.instances.html +++ b/docs/dyn/compute_beta.instances.html @@ -253,8 +253,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. } @@ -562,8 +562,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -582,8 +582,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -899,12 +899,12 @@

Method Details

{ # A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests. "count": "A String", # The maximum number of instances to create. "instanceProperties": { # The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided. - "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet. + "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false). "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed. }, "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information. - "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet. + "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled. }, "description": "A String", # An optional text description for the instances that are created from these properties. @@ -1001,7 +1001,7 @@

Method Details

], }, ], - "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet. + "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer "enableDisplay": True or False, # Defines whether the instance has Display enabled. }, "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties. @@ -1035,8 +1035,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -1055,8 +1055,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -1072,19 +1072,19 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet. + "networkPerformanceConfig": { "totalEgressBandwidthTier": "A String", }, - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. - "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet. - "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon) + "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. + "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples. "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value. "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project. "A String", ], }, - "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet. + "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. "A String", ], "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties. @@ -1116,7 +1116,7 @@

Method Details

], }, ], - "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet. + "shieldedInstanceConfig": { # A set of Shielded Instance options. "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default. "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default. "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default. @@ -1572,8 +1572,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -1592,8 +1592,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -1784,7 +1784,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. @@ -2292,8 +2292,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -2312,8 +2312,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -2642,8 +2642,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -2662,8 +2662,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -4788,8 +4788,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -4808,8 +4808,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -4994,8 +4994,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. } @@ -5147,8 +5147,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -5167,8 +5167,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], diff --git a/docs/dyn/compute_beta.machineImages.html b/docs/dyn/compute_beta.machineImages.html index 8c4ed68185a..92de184bb8f 100644 --- a/docs/dyn/compute_beta.machineImages.html +++ b/docs/dyn/compute_beta.machineImages.html @@ -281,8 +281,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -301,8 +301,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -318,7 +318,7 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. (will be deprecated soon) "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from this machine image. "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine. "hostErrorTimeoutSeconds": 42, # Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used. @@ -572,8 +572,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -592,8 +592,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -609,7 +609,7 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. (will be deprecated soon) "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from this machine image. "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine. "hostErrorTimeoutSeconds": 42, # Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used. @@ -828,8 +828,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -848,8 +848,8 @@

Method Details

"name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access. "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP. - "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range. - "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated. + "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled. + "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT. }, ], @@ -865,7 +865,7 @@

Method Details

"subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork }, ], - "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. + "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance. (will be deprecated soon) "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from this machine image. "automaticRestart": True or False, # Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted. By default, this is set to true so an instance is automatically restarted if it is terminated by Compute Engine. "hostErrorTimeoutSeconds": 42, # Specify the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used. diff --git a/docs/dyn/compute_beta.networks.html b/docs/dyn/compute_beta.networks.html index 8f7cb461c2b..456f71ed74e 100644 --- a/docs/dyn/compute_beta.networks.html +++ b/docs/dyn/compute_beta.networks.html @@ -413,7 +413,7 @@

Method Details

"enable": True or False, # This field denotes whether to enable logging for a particular firewall rule. "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs. }, - "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. + "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`. "selfLink": "A String", # [Output Only] Server-defined URL for the resource. diff --git a/docs/dyn/compute_beta.regionBackendServices.html b/docs/dyn/compute_beta.regionBackendServices.html index 263cd55a1d6..00ee4bb6a46 100644 --- a/docs/dyn/compute_beta.regionBackendServices.html +++ b/docs/dyn/compute_beta.regionBackendServices.html @@ -238,7 +238,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -362,7 +362,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } @@ -571,7 +570,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -695,7 +694,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } @@ -821,7 +819,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -945,7 +943,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. }, @@ -1033,7 +1030,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -1157,7 +1154,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } @@ -1515,7 +1511,7 @@

Method Details

], }, "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached. - "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year). + "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day). "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy. @@ -1639,7 +1635,6 @@

Method Details

"sessionAffinity": "A String", # Type of session affinity to use. The default is NONE. For a detailed description of session affinity options, see: [Session affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. "subsetting": { # Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director. "policy": "A String", - "subsetSize": 42, # The number of backends per backend group assigned to each proxy instance or each service mesh client. An input parameter to the `CONSISTENT_HASH_SUBSETTING` algorithm. Can only be set if `policy` is set to `CONSISTENT_HASH_SUBSETTING`. Can only be set if load balancing scheme is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`. `subset_size` is optional for Internal HTTP(S) load balancing and required for Traffic Director. If you do not provide this value, Cloud Load Balancing will calculate it dynamically to optimize the number of proxies/clients visible to each backend and vice versa. Must be greater than 0. If `subset_size` is larger than the number of backends/endpoints, then subsetting is disabled. }, "timeoutSec": 42, # Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration. } diff --git a/docs/dyn/compute_beta.regionInstanceGroupManagers.html b/docs/dyn/compute_beta.regionInstanceGroupManagers.html index 0a0305011e9..6b6a77d1732 100644 --- a/docs/dyn/compute_beta.regionInstanceGroupManagers.html +++ b/docs/dyn/compute_beta.regionInstanceGroupManagers.html @@ -137,9 +137,6 @@

Instance Methods

resize(project, region, instanceGroupManager, size, requestId=None, x__xgafv=None)

Changes the intended size of the managed instance group. If you increase the size, the group creates new instances using the current instance template. If you decrease the size, the group deletes one or more instances. The resize operation is marked DONE if the resize request is successful. The underlying actions take additional time. You must separately verify the status of the creating or deleting actions with the listmanagedinstances method. If the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.

-

- resizeAdvanced(project, region, instanceGroupManager, body=None, requestId=None, x__xgafv=None)

-

Resizes the regional managed instance group with advanced configuration options like disabling creation retries. This is an extended version of the resize method. If you increase the size, the group creates new instances using the current instance template. If you decrease the size, the group deletes one or more instances. The resize operation is marked DONE if the resize request is successful. The underlying actions take additional time. You must separately verify the status of the creating or deleting actions with the get or listmanagedinstances method. If the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.

setAutoHealingPolicies(project, region, instanceGroupManager, body=None, requestId=None, x__xgafv=None)

Modifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use regionInstanceGroupManagers.patch instead.

@@ -1676,78 +1673,6 @@

Method Details

}
-
- resizeAdvanced(project, region, instanceGroupManager, body=None, requestId=None, x__xgafv=None) - 
Resizes the regional managed instance group with advanced configuration options like disabling creation retries. This is an extended version of the resize method. If you increase the size, the group creates new instances using the current instance template. If you decrease the size, the group deletes one or more instances. The resize operation is marked DONE if the resize request is successful. The underlying actions take additional time. You must separately verify the status of the creating or deleting actions with the get or listmanagedinstances method. If the group is part of a backend service that has enabled connection draining, it can take up to 60 seconds after the connection draining duration has elapsed before the VM instance is removed or deleted.
-
-Args:
-  project: string, Project ID for this request. (required)
-  region: string, Name of the region scoping this request. It must be a string that meets the requirements in RFC1035. (required)
-  instanceGroupManager: string, The name of the managed instance group. It must be a string that meets the requirements in RFC1035. (required)
-  body: object, The request body.
-    The object takes the form of:
-
-{
-  "noCreationRetries": True or False, # If this flag is true, the managed instance group attempts to create all instances initiated by this resize request only once. If there is an error during creation, the managed instance group does not retry create this instance, and we will decrease the targetSize of the request instead. If the flag is false, the group attempts to recreate each instance continuously until it succeeds. This flag matters only in the first attempt of creation of an instance. After an instance is successfully created while this flag is enabled, the instance behaves the same way as all the other instances created with a regular resize request. In particular, if a running instance dies unexpectedly at a later time and needs to be recreated, this mode does not affect the recreation behavior in that scenario. This flag is applicable only to the current resize request. It does not influence other resize requests in any way. You can see which instances ar being created in which mode by calling the get or listManagedInstances API.
-  "targetSize": 42, # The number of running instances that the managed instance group should maintain at any given time. The group automatically adds or removes instances to maintain the number of instances specified by this parameter.
-}
-
-  requestId: string, An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
-  x__xgafv: string, V1 error format.
-    Allowed values
-      1 - v1 error format
-      2 - v2 error format
-
-Returns:
-  An object of the form:
-
-    { # Represents an Operation resource. Google Compute Engine has three Operation resources: * [Global](/compute/docs/reference/rest/beta/globalOperations) * [Regional](/compute/docs/reference/rest/beta/regionOperations) * [Zonal](/compute/docs/reference/rest/beta/zoneOperations) You can use an operation resource to manage asynchronous API requests. For more information, read Handling API responses. Operations can be global, regional or zonal. - For global operations, use the `globalOperations` resource. - For regional operations, use the `regionOperations` resource. - For zonal operations, use the `zonalOperations` resource. For more information, read Global, Regional, and Zonal Resources.
-  "clientOperationId": "A String", # [Output Only] The value of `requestId` if you provided it in the request. Not present otherwise.
-  "creationTimestamp": "A String", # [Deprecated] This field is deprecated.
-  "description": "A String", # [Output Only] A textual description of the operation, which is set when the operation is created.
-  "endTime": "A String", # [Output Only] The time that this operation was completed. This value is in RFC3339 text format.
-  "error": { # [Output Only] If errors are generated during processing of the operation, this field will be populated.
-    "errors": [ # [Output Only] The array of errors encountered while processing this operation.
-      {
-        "code": "A String", # [Output Only] The error type identifier for this error.
-        "location": "A String", # [Output Only] Indicates the field in the request that caused the error. This property is optional.
-        "message": "A String", # [Output Only] An optional, human-readable error message.
-      },
-    ],
-  },
-  "httpErrorMessage": "A String", # [Output Only] If the operation fails, this field contains the HTTP error message that was returned, such as `NOT FOUND`.
-  "httpErrorStatusCode": 42, # [Output Only] If the operation fails, this field contains the HTTP error status code that was returned. For example, a `404` means the resource was not found.
-  "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is defined by the server.
-  "insertTime": "A String", # [Output Only] The time that this operation was requested. This value is in RFC3339 text format.
-  "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for Operation resources.
-  "name": "A String", # [Output Only] Name of the operation.
-  "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a group of operations results from a `bulkInsert` API request.
-  "operationType": "A String", # [Output Only] The type of operation, such as `insert`, `update`, or `delete`, and so on.
-  "progress": 42, # [Output Only] An optional progress indicator that ranges from 0 to 100. There is no requirement that this be linear or support any granularity of operations. This should not be used to guess when the operation will be complete. This number should monotonically increase as the operation progresses.
-  "region": "A String", # [Output Only] The URL of the region where the operation resides. Only applicable when performing regional operations.
-  "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
-  "startTime": "A String", # [Output Only] The time that this operation was started by the server. This value is in RFC3339 text format.
-  "status": "A String", # [Output Only] The status of the operation, which can be one of the following: `PENDING`, `RUNNING`, or `DONE`.
-  "statusMessage": "A String", # [Output Only] An optional textual description of the current status of the operation.
-  "targetId": "A String", # [Output Only] The unique target ID, which identifies a specific incarnation of the target resource.
-  "targetLink": "A String", # [Output Only] The URL of the resource that the operation modifies. For operations related to creating a snapshot, this points to the persistent disk that the snapshot was created from.
-  "user": "A String", # [Output Only] User who requested the operation, for example: `user@example.com`.
-  "warnings": [ # [Output Only] If warning messages are generated during processing of the operation, this field will be populated.
-    {
-      "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.
-      "data": [ # [Output Only] Metadata about this warning in key: value format. For example: "data": [ { "key": "scope", "value": "zones/us-east1-d" }
-        {
-          "key": "A String", # [Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).
-          "value": "A String", # [Output Only] A warning data value corresponding to the key.
-        },
-      ],
-      "message": "A String", # [Output Only] A human-readable description of the warning code.
-    },
-  ],
-  "zone": "A String", # [Output Only] The URL of the zone where the operation resides. Only applicable when performing per-zone operations.
-}
-
-
setAutoHealingPolicies(project, region, instanceGroupManager, body=None, requestId=None, x__xgafv=None) 
Modifies the autohealing policy for the instances in this managed instance group. [Deprecated] This method is deprecated. Use regionInstanceGroupManagers.patch instead.
diff --git a/docs/dyn/compute_beta.regionInstances.html b/docs/dyn/compute_beta.regionInstances.html
index aa37f56b95c..de7eafe9e04 100644
--- a/docs/dyn/compute_beta.regionInstances.html
+++ b/docs/dyn/compute_beta.regionInstances.html
@@ -94,12 +94,12 @@ 
Method Details

 { # A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.
   "count": "A String", # The maximum number of instances to create.
   "instanceProperties": { # The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -196,7 +196,7 @@ 
Method Details

         ],
       },
     ],
-    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer Note that for MachineImage, this is not supported yet.
+    "displayDevice": { # A set of Display Device options # Display Device properties to enable support for remote display products like: Teradici, VNC and TeamViewer
       "enableDisplay": True or False, # Defines whether the instance has Display enabled.
     },
     "guestAccelerators": [ # A list of guest accelerator cards' type and count to use for instances created from these properties.
@@ -230,8 +230,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -250,8 +250,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -267,19 +267,19 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "networkPerformanceConfig": { # Note that for MachineImage, this is not supported yet.
+    "networkPerformanceConfig": {
       "totalEgressBandwidthTier": "A String",
     },
-    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "postKeyRevocationActionType": "A String", # PostKeyRevocationActionType of the instance.(will be deprecated soon)
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -311,7 +311,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
diff --git a/docs/dyn/compute_beta.routers.html b/docs/dyn/compute_beta.routers.html
index 505bf77d009..d13f4ffe46e 100644
--- a/docs/dyn/compute_beta.routers.html
+++ b/docs/dyn/compute_beta.routers.html
@@ -212,14 +212,12 @@ 
Method Details

               "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
                 "A String",
               ],
-              "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
               "enableEndpointIndependentMapping": True or False,
               "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
               "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
                 "enable": True or False, # Indicates whether or not to export logs. This is false by default.
                 "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
               },
-              "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
               "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
               "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
               "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -461,14 +459,12 @@ 
Method Details

       "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
         "A String",
       ],
-      "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
       "enableEndpointIndependentMapping": True or False,
       "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
       "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
         "enable": True or False, # Indicates whether or not to export logs. This is false by default.
         "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
       },
-      "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
       "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
       "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
       "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -932,14 +928,12 @@ 
Method Details

       "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
         "A String",
       ],
-      "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
       "enableEndpointIndependentMapping": True or False,
       "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
       "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
         "enable": True or False, # Indicates whether or not to export logs. This is false by default.
         "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
       },
-      "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
       "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
       "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
       "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -1130,14 +1124,12 @@ 
Method Details

           "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
             "A String",
           ],
-          "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
           "enableEndpointIndependentMapping": True or False,
           "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
           "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
             "enable": True or False, # Indicates whether or not to export logs. This is false by default.
             "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
           },
-          "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
           "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
           "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
           "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -1290,14 +1282,12 @@ 
Method Details

       "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
         "A String",
       ],
-      "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
       "enableEndpointIndependentMapping": True or False,
       "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
       "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
         "enable": True or False, # Indicates whether or not to export logs. This is false by default.
         "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
       },
-      "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
       "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
       "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
       "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -1476,14 +1466,12 @@ 
Method Details

       "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
         "A String",
       ],
-      "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
       "enableEndpointIndependentMapping": True or False,
       "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
       "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
         "enable": True or False, # Indicates whether or not to export logs. This is false by default.
         "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
       },
-      "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
       "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
       "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
       "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -1604,14 +1592,12 @@ 
Method Details

         "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
           "A String",
         ],
-        "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
         "enableEndpointIndependentMapping": True or False,
         "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
         "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
           "enable": True or False, # Indicates whether or not to export logs. This is false by default.
           "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
         },
-        "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
         "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
         "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
         "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
@@ -1768,14 +1754,12 @@ 
Method Details

       "drainNatIps": [ # A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.
         "A String",
       ],
-      "enableDynamicPortAllocation": True or False, # Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
       "enableEndpointIndependentMapping": True or False,
       "icmpIdleTimeoutSec": 42, # Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
       "logConfig": { # Configuration of logging on a NAT. # Configure logging on this NAT.
         "enable": True or False, # Indicates whether or not to export logs. This is false by default.
         "filter": "A String", # Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful.
       },
-      "maxPortsPerVm": 42, # Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
       "minPortsPerVm": 42, # Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.
       "name": "A String", # Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.
       "natIpAllocateOption": "A String", # Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty.
diff --git a/docs/dyn/compute_v1.backendBuckets.html b/docs/dyn/compute_v1.backendBuckets.html
index 2c3a7dd6587..a7e105bb634 100644
--- a/docs/dyn/compute_v1.backendBuckets.html
+++ b/docs/dyn/compute_v1.backendBuckets.html
@@ -332,7 +332,7 @@ 
Method Details

       },
     ],
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -380,7 +380,7 @@ 
Method Details

       },
     ],
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -496,7 +496,7 @@ 
Method Details

           },
         ],
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -574,7 +574,7 @@ 
Method Details

       },
     ],
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -678,7 +678,7 @@ 
Method Details

       },
     ],
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
diff --git a/docs/dyn/compute_v1.backendServices.html b/docs/dyn/compute_v1.backendServices.html
index 469a904dd06..72e77f0cac1 100644
--- a/docs/dyn/compute_v1.backendServices.html
+++ b/docs/dyn/compute_v1.backendServices.html
@@ -249,7 +249,7 @@ 
Method Details

               ],
             },
             "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-            "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+            "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
             "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
             "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
             "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -592,7 +592,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -798,7 +798,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1027,7 +1027,7 @@ 
Method Details

           ],
         },
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1218,7 +1218,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1505,7 +1505,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
diff --git a/docs/dyn/compute_v1.firewalls.html b/docs/dyn/compute_v1.firewalls.html
index 0858c59fed7..094651ee552 100644
--- a/docs/dyn/compute_v1.firewalls.html
+++ b/docs/dyn/compute_v1.firewalls.html
@@ -212,7 +212,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -273,7 +273,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -402,7 +402,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -493,7 +493,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -610,7 +610,7 @@ 
Method Details

     "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
     "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
   },
-  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+  "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
   "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
   "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
   "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
diff --git a/docs/dyn/compute_v1.instanceTemplates.html b/docs/dyn/compute_v1.instanceTemplates.html
index 29e1a4c38b1..bf76bb25be9 100644
--- a/docs/dyn/compute_v1.instanceTemplates.html
+++ b/docs/dyn/compute_v1.instanceTemplates.html
@@ -192,12 +192,12 @@ 
Method Details

   "kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates.
   "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "properties": { # The instance properties for this instance template.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -315,8 +315,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -335,8 +335,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -352,15 +352,15 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -387,7 +387,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -534,12 +534,12 @@ 
Method Details

   "kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates.
   "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "properties": { # The instance properties for this instance template.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -657,8 +657,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -677,8 +677,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -694,15 +694,15 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -729,7 +729,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -840,12 +840,12 @@ 
Method Details

       "kind": "compute#instanceTemplate", # [Output Only] The resource type, which is always compute#instanceTemplate for instance templates.
       "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
       "properties": { # The instance properties for this instance template.
-        "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+        "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
           "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
           "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
         },
         "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-        "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+        "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
           "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
         },
         "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -963,8 +963,8 @@ 
Method Details

                 "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
                 "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                 "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                 "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
               },
             ],
@@ -983,8 +983,8 @@ 
Method Details

                 "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
                 "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                 "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+                "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                 "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
               },
             ],
@@ -1000,15 +1000,15 @@ 
Method Details

             "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
           },
         ],
-        "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-        "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+        "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+        "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
           "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
           "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
           "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
             "A String",
           ],
         },
-        "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+        "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
           "A String",
         ],
         "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -1035,7 +1035,7 @@ 
Method Details

             ],
           },
         ],
-        "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+        "shieldedInstanceConfig": { # A set of Shielded Instance options.
           "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
           "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
           "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
diff --git a/docs/dyn/compute_v1.instances.html b/docs/dyn/compute_v1.instances.html
index d251b631498..cebcdff5c0e 100644
--- a/docs/dyn/compute_v1.instances.html
+++ b/docs/dyn/compute_v1.instances.html
@@ -235,8 +235,8 @@ 
Method Details

   "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
 }
 
@@ -533,8 +533,8 @@ 
Method Details

                   "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
                   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
                 },
               ],
@@ -553,8 +553,8 @@ 
Method Details

                   "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
                   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
                   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+                  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+                  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
                   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
                 },
               ],
@@ -835,12 +835,12 @@ 
Method Details

 { # A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.
   "count": "A String", # The maximum number of instances to create.
   "instanceProperties": { # The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -958,8 +958,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -978,8 +978,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -995,15 +995,15 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -1030,7 +1030,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
@@ -1470,8 +1470,8 @@ 
Method Details

           "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -1490,8 +1490,8 @@ 
Method Details

           "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -1656,7 +1656,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
@@ -2048,8 +2048,8 @@ 
Method Details

           "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -2068,8 +2068,8 @@ 
Method Details

           "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -2361,8 +2361,8 @@ 
Method Details

               "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
               "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
               "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
               "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
             },
           ],
@@ -2381,8 +2381,8 @@ 
Method Details

               "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
               "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
               "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+              "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+              "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
               "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
             },
           ],
@@ -4169,8 +4169,8 @@ 
Method Details

           "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -4189,8 +4189,8 @@ 
Method Details

           "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
           "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
           "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+          "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+          "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
           "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
         },
       ],
@@ -4350,8 +4350,8 @@ 
Method Details

   "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
   "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
   "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+  "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+  "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
   "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
 }
 
@@ -4503,8 +4503,8 @@ 
Method Details

       "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
       "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
       "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
       "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
     },
   ],
@@ -4523,8 +4523,8 @@ 
Method Details

       "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
       "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
       "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+      "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+      "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
       "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
     },
   ],
diff --git a/docs/dyn/compute_v1.networks.html b/docs/dyn/compute_v1.networks.html
index 0602274cd1a..0709dae00fd 100644
--- a/docs/dyn/compute_v1.networks.html
+++ b/docs/dyn/compute_v1.networks.html
@@ -409,7 +409,7 @@ 
Method Details

         "enable": True or False, # This field denotes whether to enable logging for a particular firewall rule.
         "metadata": "A String", # This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
       },
-      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
+      "name": "A String", # Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
       "network": "A String", # URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
       "priority": 42, # Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.
       "selfLink": "A String", # [Output Only] Server-defined URL for the resource.
diff --git a/docs/dyn/compute_v1.regionBackendServices.html b/docs/dyn/compute_v1.regionBackendServices.html
index a9e9b5472d2..369c789813e 100644
--- a/docs/dyn/compute_v1.regionBackendServices.html
+++ b/docs/dyn/compute_v1.regionBackendServices.html
@@ -223,7 +223,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -431,7 +431,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -661,7 +661,7 @@ 
Method Details

           ],
         },
         "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+        "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
         "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
         "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -853,7 +853,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
@@ -1071,7 +1071,7 @@ 
Method Details

       ],
     },
     "cacheMode": "A String", # Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any "private", "no-store" or "no-cache" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.
-    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).
+    "clientTtl": 42, # Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a "public" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a "public" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 86400s (1 day).
     "defaultTtl": 42, # Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of "0" means "always revalidate". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "maxTtl": 42, # Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of "0" means "always revalidate". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
     "negativeCaching": True or False, # Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.
diff --git a/docs/dyn/compute_v1.regionCommitments.html b/docs/dyn/compute_v1.regionCommitments.html
index 662af97e64d..2199ce6fbe4 100644
--- a/docs/dyn/compute_v1.regionCommitments.html
+++ b/docs/dyn/compute_v1.regionCommitments.html
@@ -146,9 +146,6 @@ 
Method Details

               "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
               "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
               "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-              "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-                "shareType": "A String", # Type of sharing for this shared-reservation
-              },
               "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
                 "count": "A String", # Specifies the number of resources that are allocated.
                 "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
@@ -280,9 +277,6 @@ 
Method Details

       "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
       "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
       "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-      "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-        "shareType": "A String", # Type of sharing for this shared-reservation
-      },
       "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
         "count": "A String", # Specifies the number of resources that are allocated.
         "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
@@ -359,9 +353,6 @@ 
Method Details

       "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
       "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
       "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-      "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-        "shareType": "A String", # Type of sharing for this shared-reservation
-      },
       "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
         "count": "A String", # Specifies the number of resources that are allocated.
         "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
@@ -506,9 +497,6 @@ 
Method Details

           "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
           "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
           "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-          "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-            "shareType": "A String", # Type of sharing for this shared-reservation
-          },
           "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
             "count": "A String", # Specifies the number of resources that are allocated.
             "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
diff --git a/docs/dyn/compute_v1.regionInstances.html b/docs/dyn/compute_v1.regionInstances.html
index 320ac7202b9..d2d118906b9 100644
--- a/docs/dyn/compute_v1.regionInstances.html
+++ b/docs/dyn/compute_v1.regionInstances.html
@@ -94,12 +94,12 @@ 
Method Details

 { # A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.
   "count": "A String", # The maximum number of instances to create.
   "instanceProperties": { # The instance properties defining the VM instances to be created. Required if sourceInstanceTemplate is not provided.
-    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features. Note that for MachineImage, this is not supported yet.
+    "advancedMachineFeatures": { # Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled). # Controls for advanced machine-related behavior features.
       "enableNestedVirtualization": True or False, # Whether to enable nested virtualization or not (default is false).
       "threadsPerCore": 42, # The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
     },
     "canIpForward": True or False, # Enables instances created based on these properties to send packets with source IP addresses other than their own and receive packets with destination IP addresses other than their own. If these instances will be used as an IP gateway or it will be set as the next-hop in a Route resource, specify true. If unsure, leave this set to false. See the Enable IP forwarding documentation for more information.
-    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options. Note that for MachineImage, this is not supported yet.
+    "confidentialInstanceConfig": { # A set of Confidential Instance options. # Specifies the Confidential Instance options.
       "enableConfidentialCompute": True or False, # Defines whether the instance should have confidential compute enabled.
     },
     "description": "A String", # An optional text description for the instances that are created from these properties.
@@ -217,8 +217,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -237,8 +237,8 @@ 
Method Details

             "name": "A String", # The name of this access configuration. The default and recommended name is External NAT, but you can use any arbitrary string, such as My external IP or Network Access.
             "natIP": "A String", # An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
             "networkTier": "A String", # This signifies the networking tier used for configuring this access configuration and can only take the following values: PREMIUM, STANDARD. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
-            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled in accessConfig. If this field is unspecified in ipv6AccessConfig, a default PTR record will be createc for first IP in associated external IPv6 range.
-            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name. This field is not used in ipv6AccessConfig. A default PTR record will be created if the VM has external IPv6 range associated.
+            "publicPtrDomainName": "A String", # The DNS domain name for the public PTR record. You can set this field only if the `setPublicPtr` field is enabled.
+            "setPublicPtr": True or False, # Specifies whether a public DNS 'PTR' record should be created to map the external IP address of the instance to a DNS domain name.
             "type": "ONE_TO_ONE_NAT", # The type of configuration. The default and only option is ONE_TO_ONE_NAT.
           },
         ],
@@ -254,15 +254,15 @@ 
Method Details

         "subnetwork": "A String", # The URL of the Subnetwork resource for this instance. If the network resource is in legacy mode, do not specify this field. If the network is in auto subnet mode, specifying the subnetwork is optional. If the network is in custom subnet mode, specifying the subnetwork is required. If you specify this field, you can specify the subnetwork as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/project/regions/region /subnetworks/subnetwork - regions/region/subnetworks/subnetwork
       },
     ],
-    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default. Note that for MachineImage, this is not supported yet.
-    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from. Note that for MachineImage, this is not supported yet.
+    "privateIpv6GoogleAccess": "A String", # The private IPv6 google access type for VMs. If not specified, use INHERIT_FROM_SUBNETWORK as default.
+    "reservationAffinity": { # Specifies the reservations that this instance can consume from. # Specifies the reservations that instances can consume from.
       "consumeReservationType": "A String", # Specifies the type of reservation from which this instance can consume resources: ANY_RESERVATION (default), SPECIFIC_RESERVATION, or NO_RESERVATION. See Consuming reserved instances for examples.
       "key": "A String", # Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify googleapis.com/reservation-name as the key and specify the name of your reservation as its value.
       "values": [ # Corresponds to the label values of a reservation resource. This can be either a name to a reservation in the same project or "projects/different-project/reservations/some-reservation-name" to target a shared reservation in the same zone but in a different project.
         "A String",
       ],
     },
-    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties. Note that for MachineImage, this is not supported yet.
+    "resourcePolicies": [ # Resource policies (names, not ULRs) applied to instances created from these properties.
       "A String",
     ],
     "scheduling": { # Sets the scheduling options for an Instance. NextID: 21 # Specifies the scheduling options for the instances that are created from these properties.
@@ -289,7 +289,7 @@ 
Method Details

         ],
       },
     ],
-    "shieldedInstanceConfig": { # A set of Shielded Instance options. # Note that for MachineImage, this is not supported yet.
+    "shieldedInstanceConfig": { # A set of Shielded Instance options.
       "enableIntegrityMonitoring": True or False, # Defines whether the instance has integrity monitoring enabled. Enabled by default.
       "enableSecureBoot": True or False, # Defines whether the instance has Secure Boot enabled. Disabled by default.
       "enableVtpm": True or False, # Defines whether the instance has the vTPM enabled. Enabled by default.
diff --git a/docs/dyn/compute_v1.reservations.html b/docs/dyn/compute_v1.reservations.html
index b593f80ad6b..332f50bf269 100644
--- a/docs/dyn/compute_v1.reservations.html
+++ b/docs/dyn/compute_v1.reservations.html
@@ -145,9 +145,6 @@ 
Method Details

           "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
           "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
           "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-          "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-            "shareType": "A String", # Type of sharing for this shared-reservation
-          },
           "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
             "count": "A String", # Specifies the number of resources that are allocated.
             "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
@@ -313,9 +310,6 @@ 
Method Details

   "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
   "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-  "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-    "shareType": "A String", # Type of sharing for this shared-reservation
-  },
   "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
     "count": "A String", # Specifies the number of resources that are allocated.
     "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
@@ -467,9 +461,6 @@ 
Method Details

   "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
   "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
   "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-  "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-    "shareType": "A String", # Type of sharing for this shared-reservation
-  },
   "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
     "count": "A String", # Specifies the number of resources that are allocated.
     "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
@@ -584,9 +575,6 @@ 
Method Details

       "name": "A String", # The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
       "satisfiesPzs": True or False, # [Output Only] Reserved for future use.
       "selfLink": "A String", # [Output Only] Server-defined fully-qualified URL for this resource.
-      "shareSettings": { # The share setting for reservations and sole tenancy node groups. # Share-settings for shared-reservation
-        "shareType": "A String", # Type of sharing for this shared-reservation
-      },
       "specificReservation": { # This reservation type allows to pre allocate specific instance configuration. Next ID: 5 # Reservation for instances with specific machine shapes.
         "count": "A String", # Specifies the number of resources that are allocated.
         "inUseCount": "A String", # [Output Only] Indicates how many instances are in use.
diff --git a/docs/dyn/compute_v1.routers.html b/docs/dyn/compute_v1.routers.html
index af1113ba39d..70d43170bc2 100644
--- a/docs/dyn/compute_v1.routers.html
+++ b/docs/dyn/compute_v1.routers.html
@@ -732,66 +732,6 @@ 
Method Details

             ],
           },
         ],
-        "bfdStatus": { # Next free: 15
-          "bfdSessionInitializationMode": "A String", # The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer.
-          "configUpdateTimestampMicros": "A String", # Unix timestamp of the most recent config update.
-          "controlPacketCounts": { # Control packet counts for the current BFD session.
-            "numRx": 42, # Number of packets received since the beginning of the current BFD session.
-            "numRxRejected": 42, # Number of packets received that were rejected because of errors since the beginning of the current BFD session.
-            "numRxSuccessful": 42, # Number of packets received that were successfully processed since the beginning of the current BFD session.
-            "numTx": 42, # Number of packets transmitted since the beginning of the current BFD session.
-          },
-          "controlPacketIntervals": [ # Inter-packet time interval statistics for control packets.
-            { # Next free: 7
-              "avgMs": "A String", # Average observed inter-packet interval in milliseconds.
-              "duration": "A String", # From how long ago in the past these intervals were observed.
-              "maxMs": "A String", # Maximum observed inter-packet interval in milliseconds.
-              "minMs": "A String", # Minimum observed inter-packet interval in milliseconds.
-              "numIntervals": "A String", # Number of inter-packet intervals from which these statistics were derived.
-              "type": "A String", # The type of packets for which inter-packet intervals were computed.
-            },
-          ],
-          "localDiagnostic": "A String", # The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880
-          "localState": "A String", # The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880
-          "negotiatedLocalControlTxIntervalMs": 42, # Negotiated transmit interval for control packets.
-          "rxPacket": { # The most recent Rx control packet for this BFD session.
-            "authenticationPresent": True or False, # The Authentication Present bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "controlPlaneIndependent": True or False, # The Control Plane Independent bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "demand": True or False, # The demand bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "diagnostic": "A String", # The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880
-            "final": True or False, # The Final bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "length": 42, # The length of the BFD Control packet in bytes. This is specified in section 4.1 of RFC5880
-            "minEchoRxIntervalMs": 42, # The Required Min Echo RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "minRxIntervalMs": 42, # The Required Min RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "minTxIntervalMs": 42, # The Desired Min TX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "multiplier": 42, # The detection time multiplier of the BFD packet. This is specified in section 4.1 of RFC5880
-            "multipoint": True or False, # The multipoint bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "myDiscriminator": 42, # The My Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "poll": True or False, # The Poll bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "state": "A String", # The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880
-            "version": 42, # The version number of the BFD protocol, as specified in section 4.1 of RFC5880.
-            "yourDiscriminator": 42, # The Your Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880
-          },
-          "txPacket": { # The most recent Tx control packet for this BFD session.
-            "authenticationPresent": True or False, # The Authentication Present bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "controlPlaneIndependent": True or False, # The Control Plane Independent bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "demand": True or False, # The demand bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "diagnostic": "A String", # The diagnostic code specifies the local system's reason for the last change in session state. This allows remote systems to determine the reason that the previous session failed, for example. These diagnostic codes are specified in section 4.1 of RFC5880
-            "final": True or False, # The Final bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "length": 42, # The length of the BFD Control packet in bytes. This is specified in section 4.1 of RFC5880
-            "minEchoRxIntervalMs": 42, # The Required Min Echo RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "minRxIntervalMs": 42, # The Required Min RX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "minTxIntervalMs": 42, # The Desired Min TX Interval value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "multiplier": 42, # The detection time multiplier of the BFD packet. This is specified in section 4.1 of RFC5880
-            "multipoint": True or False, # The multipoint bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "myDiscriminator": 42, # The My Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880
-            "poll": True or False, # The Poll bit of the BFD packet. This is specified in section 4.1 of RFC5880
-            "state": "A String", # The current BFD session state as seen by the transmitting system. These states are specified in section 4.1 of RFC5880
-            "version": 42, # The version number of the BFD protocol, as specified in section 4.1 of RFC5880.
-            "yourDiscriminator": 42, # The Your Discriminator value in the BFD packet. This is specified in section 4.1 of RFC5880
-          },
-          "uptimeMs": "A String", # Session uptime in milliseconds. Value will be 0 if session is not up.
-        },
         "ipAddress": "A String", # IP address of the local BGP interface.
         "linkedVpnTunnel": "A String", # URL of the VPN tunnel that this BGP peer controls.
         "name": "A String", # Name of this BGP peer. Unique within the Routers resource.
diff --git a/docs/dyn/connectors_v1.projects.locations.connections.html b/docs/dyn/connectors_v1.projects.locations.connections.html
index fb1737d4b38..f5936845d6e 100644
--- a/docs/dyn/connectors_v1.projects.locations.connections.html
+++ b/docs/dyn/connectors_v1.projects.locations.connections.html
@@ -397,7 +397,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -406,7 +406,7 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
   "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
     { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
       "auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -420,18 +420,18 @@ 
Method Details

       "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
     },
   ],
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -684,7 +684,7 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
     "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
       { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
         "auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -698,18 +698,18 @@ 
Method Details

         "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
       },
     ],
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -726,7 +726,7 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
   "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
     { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
       "auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -740,18 +740,18 @@ 
Method Details

       "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
     },
   ],
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/connectors_v1.projects.locations.connections.runtimeActionSchemas.html b/docs/dyn/connectors_v1.projects.locations.connections.runtimeActionSchemas.html
index 38f9d81d258..887ab01a7f0 100644
--- a/docs/dyn/connectors_v1.projects.locations.connections.runtimeActionSchemas.html
+++ b/docs/dyn/connectors_v1.projects.locations.connections.runtimeActionSchemas.html
@@ -95,7 +95,7 @@ 
Method Details

 
 Args:
   parent: string, Required. Parent resource of RuntimeActionSchema Format: projects/{project}/locations/{location}/connections/{connection} (required)
-  filter: string, Filter
+  filter: string, Required. Filter Format: action="{actionId}" Only action field is supported with literal equality operator. Accepted filter example: action="CancelOrder" Wildcards are not supported in the filter currently.
   pageSize: integer, Page size.
   pageToken: string, Page token.
   x__xgafv: string, V1 error format.
diff --git a/docs/dyn/connectors_v1.projects.locations.connections.runtimeEntitySchemas.html b/docs/dyn/connectors_v1.projects.locations.connections.runtimeEntitySchemas.html
index a1a0755fb03..94c217d06b3 100644
--- a/docs/dyn/connectors_v1.projects.locations.connections.runtimeEntitySchemas.html
+++ b/docs/dyn/connectors_v1.projects.locations.connections.runtimeEntitySchemas.html
@@ -95,7 +95,7 @@ 
Method Details

 
 Args:
   parent: string, Required. Parent resource of RuntimeEntitySchema Format: projects/{project}/locations/{location}/connections/{connection} (required)
-  filter: string, Filter
+  filter: string, Required. Filter Format: entity="{entityId}" Only entity field is supported with literal equality operator. Accepted filter example: entity="Order" Wildcards are not supported in the filter currently.
   pageSize: integer, Page size.
   pageToken: string, Page token.
   x__xgafv: string, V1 error format.
diff --git a/docs/dyn/connectors_v1.projects.locations.providers.html b/docs/dyn/connectors_v1.projects.locations.providers.html
index acbcaed17fa..a8258ffc9e9 100644
--- a/docs/dyn/connectors_v1.projects.locations.providers.html
+++ b/docs/dyn/connectors_v1.projects.locations.providers.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -107,7 +107,7 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
   "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
     { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
       "auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@ 
Method Details

       "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
     },
   ],
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -150,7 +150,7 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
     "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
       { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
         "auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -164,18 +164,18 @@ 
Method Details

         "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
       },
     ],
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -192,7 +192,7 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
   "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
     { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
       "auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -206,18 +206,18 @@ 
Method Details

       "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
     },
   ],
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/contactcenterinsights_v1.projects.locations.conversations.html b/docs/dyn/contactcenterinsights_v1.projects.locations.conversations.html
index f18d5814e52..4555ca05319 100644
--- a/docs/dyn/contactcenterinsights_v1.projects.locations.conversations.html
+++ b/docs/dyn/contactcenterinsights_v1.projects.locations.conversations.html
@@ -138,6 +138,13 @@ 
Method Details

   "issueMatches": { # A map associating each issue resource name with its respective number of matches in the set of conversations. Key has the format: `projects//locations//issueModels//issues/` Deprecated, use `issue_matches_stats` field instead.
     "a_key": 42,
   },
+  "issueMatchesStats": { # A map associating each issue resource name with its respective number of matches in the set of conversations. Key has the format: `projects//locations//issueModels//issues/`
+    "a_key": { # Aggregated statistics about an issue.
+      "displayName": "A String", # Display name of the issue.
+      "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
+      "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
+    },
+  },
   "smartHighlighterMatches": { # A map associating each smart highlighter display name with its respective number of matches in the set of conversations.
     "a_key": 42,
   },
@@ -379,7 +386,7 @@ 
Method Details

   "updateTime": "A String", # Output only. The most recent time at which the conversation was updated.
 }
 
-  conversationId: string, A unique ID for the new conversation. This ID will become the final component of the conversation's resource name. If no ID is specified, a server-generated ID will be used. This value should be 4-32 characters and must match the regular expression /^[a-z0-9-]{4,32}$/. Valid characters are /a-z-/
+  conversationId: string, A unique ID for the new conversation. This ID will become the final component of the conversation's resource name. If no ID is specified, a server-generated ID will be used. This value should be 4-64 characters and must match the regular expression /^[a-z0-9-]{4,64}$/. Valid characters are /a-z-/
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/contactcenterinsights_v1.projects.locations.issueModels.html b/docs/dyn/contactcenterinsights_v1.projects.locations.issueModels.html
index 441e0d953af..2ed015c32c3 100644
--- a/docs/dyn/contactcenterinsights_v1.projects.locations.issueModels.html
+++ b/docs/dyn/contactcenterinsights_v1.projects.locations.issueModels.html
@@ -126,6 +126,7 @@ 
Method Details

     "analyzedConversationsCount": "A String", # Number of conversations the issue model has analyzed at this point in time.
     "issueStats": { # Statistics on each issue. Key is the issue's resource name.
       "a_key": { # Aggregated statistics about an issue.
+        "displayName": "A String", # Display name of the issue.
         "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
         "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
       },
@@ -163,6 +164,7 @@ 
Method Details

     "analyzedConversationsCount": "A String", # Number of conversations the issue model has analyzed at this point in time.
     "issueStats": { # Statistics on each issue. Key is the issue's resource name.
       "a_key": { # Aggregated statistics about an issue.
+        "displayName": "A String", # Display name of the issue.
         "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
         "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
       },
@@ -306,6 +308,7 @@ 
Method Details

     "analyzedConversationsCount": "A String", # Number of conversations the issue model has analyzed at this point in time.
     "issueStats": { # Statistics on each issue. Key is the issue's resource name.
       "a_key": { # Aggregated statistics about an issue.
+        "displayName": "A String", # Display name of the issue.
         "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
         "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
       },
@@ -346,6 +349,7 @@ 
Method Details

         "analyzedConversationsCount": "A String", # Number of conversations the issue model has analyzed at this point in time.
         "issueStats": { # Statistics on each issue. Key is the issue's resource name.
           "a_key": { # Aggregated statistics about an issue.
+            "displayName": "A String", # Display name of the issue.
             "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
             "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
           },
@@ -381,6 +385,7 @@ 
Method Details

     "analyzedConversationsCount": "A String", # Number of conversations the issue model has analyzed at this point in time.
     "issueStats": { # Statistics on each issue. Key is the issue's resource name.
       "a_key": { # Aggregated statistics about an issue.
+        "displayName": "A String", # Display name of the issue.
         "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
         "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
       },
@@ -413,6 +418,7 @@ 
Method Details

     "analyzedConversationsCount": "A String", # Number of conversations the issue model has analyzed at this point in time.
     "issueStats": { # Statistics on each issue. Key is the issue's resource name.
       "a_key": { # Aggregated statistics about an issue.
+        "displayName": "A String", # Display name of the issue.
         "issue": "A String", # Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}
         "labeledConversationsCount": "A String", # Number of conversations attached to the issue at this point in time.
       },
diff --git a/docs/dyn/containeranalysis_v1.projects.notes.html b/docs/dyn/containeranalysis_v1.projects.notes.html
index 358dc8eedc3..9c732c490d4 100644
--- a/docs/dyn/containeranalysis_v1.projects.notes.html
+++ b/docs/dyn/containeranalysis_v1.projects.notes.html
@@ -1192,7 +1192,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html b/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html
index 88d66859386..ae3f7e3266a 100644
--- a/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html
+++ b/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html
@@ -125,7 +125,7 @@ 
Method Details

         ],
       },
       "build": { # Details of a build occurrence. # Describes a verifiable build.
-        "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+        "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
           "builderConfig": { # required
             "id": "A String",
           },
@@ -159,7 +159,88 @@ 
Method Details

             "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
           },
         },
-        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+        "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": {
+            "builderConfig": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              "A String",
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "subject": [
+            {
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+                "a_key": "A String",
+              },
+              "name": "A String",
+            },
+          ],
+        },
+        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
           "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
             "a_key": "A String",
           },
@@ -316,7 +397,7 @@ 
Method Details

         "cpe": "A String", # The CPE of the resource being scanned.
         "lastScanTime": "A String", # The last time this resource was scanned.
       },
-      "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+      "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
         "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
           "payload": "A String",
           "payloadType": "A String",
@@ -328,7 +409,8 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
           "provenance": {
             "builderConfig": { # required
               "id": "A String",
@@ -363,15 +445,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
           "subject": [
             {
-              "digest": { # "": ""
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
               "name": "A String",
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
diff --git a/docs/dyn/containeranalysis_v1.projects.occurrences.html b/docs/dyn/containeranalysis_v1.projects.occurrences.html
index cbbfb1f82a4..91389ac86ef 100644
--- a/docs/dyn/containeranalysis_v1.projects.occurrences.html
+++ b/docs/dyn/containeranalysis_v1.projects.occurrences.html
@@ -141,7 +141,7 @@ 
Method Details

         ],
       },
       "build": { # Details of a build occurrence. # Describes a verifiable build.
-        "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+        "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
           "builderConfig": { # required
             "id": "A String",
           },
@@ -175,7 +175,88 @@ 
Method Details

             "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
           },
         },
-        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+        "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": {
+            "builderConfig": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              "A String",
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "subject": [
+            {
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+                "a_key": "A String",
+              },
+              "name": "A String",
+            },
+          ],
+        },
+        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
           "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
             "a_key": "A String",
           },
@@ -332,7 +413,7 @@ 
Method Details

         "cpe": "A String", # The CPE of the resource being scanned.
         "lastScanTime": "A String", # The last time this resource was scanned.
       },
-      "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+      "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
         "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
           "payload": "A String",
           "payloadType": "A String",
@@ -344,7 +425,8 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
           "provenance": {
             "builderConfig": { # required
               "id": "A String",
@@ -379,15 +461,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
           "subject": [
             {
-              "digest": { # "": ""
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
               "name": "A String",
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -550,7 +666,7 @@ 
Method Details

         ],
       },
       "build": { # Details of a build occurrence. # Describes a verifiable build.
-        "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+        "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
           "builderConfig": { # required
             "id": "A String",
           },
@@ -584,7 +700,88 @@ 
Method Details

             "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
           },
         },
-        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+        "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": {
+            "builderConfig": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              "A String",
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "subject": [
+            {
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+                "a_key": "A String",
+              },
+              "name": "A String",
+            },
+          ],
+        },
+        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
           "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
             "a_key": "A String",
           },
@@ -741,7 +938,7 @@ 
Method Details

         "cpe": "A String", # The CPE of the resource being scanned.
         "lastScanTime": "A String", # The last time this resource was scanned.
       },
-      "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+      "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
         "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
           "payload": "A String",
           "payloadType": "A String",
@@ -753,7 +950,8 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
           "provenance": {
             "builderConfig": { # required
               "id": "A String",
@@ -788,15 +986,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
           "subject": [
             {
-              "digest": { # "": ""
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
               "name": "A String",
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -964,7 +1196,7 @@ 
Method Details

     ],
   },
   "build": { # Details of a build occurrence. # Describes a verifiable build.
-    "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+    "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
       "builderConfig": { # required
         "id": "A String",
       },
@@ -998,7 +1230,88 @@ 
Method Details

         "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
       },
     },
-    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+    "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": {
+        "builderConfig": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          "A String",
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [
+        {
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+            "a_key": "A String",
+          },
+          "name": "A String",
+        },
+      ],
+    },
+    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
       "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
         "a_key": "A String",
       },
@@ -1155,7 +1468,7 @@ 
Method Details

     "cpe": "A String", # The CPE of the resource being scanned.
     "lastScanTime": "A String", # The last time this resource was scanned.
   },
-  "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+  "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
     "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
       "payload": "A String",
       "payloadType": "A String",
@@ -1167,7 +1480,8 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
       "provenance": {
         "builderConfig": { # required
           "id": "A String",
@@ -1202,15 +1516,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
       "subject": [
         {
-          "digest": { # "": ""
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
           "name": "A String",
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -1369,7 +1717,7 @@ 
Method Details

     ],
   },
   "build": { # Details of a build occurrence. # Describes a verifiable build.
-    "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+    "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
       "builderConfig": { # required
         "id": "A String",
       },
@@ -1385,25 +1733,106 @@ 
Method Details

           "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
           "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
         },
-        "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+      },
+      "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+        "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+        "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+        "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+      },
+    },
+    "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": {
+        "builderConfig": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          "A String",
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
       },
-      "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
-        "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
           {
-            "a_key": "", # Properties of the object. Contains field @type with type URL.
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
           },
         ],
-        "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
-        "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
-        "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
-          {
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
             "a_key": "", # Properties of the object. Contains field @type with type URL.
           },
-        ],
-        "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
       },
+      "subject": [
+        {
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+            "a_key": "A String",
+          },
+          "name": "A String",
+        },
+      ],
     },
-    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
       "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
         "a_key": "A String",
       },
@@ -1560,7 +1989,7 @@ 
Method Details

     "cpe": "A String", # The CPE of the resource being scanned.
     "lastScanTime": "A String", # The last time this resource was scanned.
   },
-  "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+  "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
     "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
       "payload": "A String",
       "payloadType": "A String",
@@ -1572,7 +2001,8 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
       "provenance": {
         "builderConfig": { # required
           "id": "A String",
@@ -1607,15 +2037,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
       "subject": [
         {
-          "digest": { # "": ""
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
           "name": "A String",
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -1799,7 +2263,7 @@ 
Method Details

     ],
   },
   "build": { # Details of a build occurrence. # Describes a verifiable build.
-    "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+    "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
       "builderConfig": { # required
         "id": "A String",
       },
@@ -1833,7 +2297,88 @@ 
Method Details

         "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
       },
     },
-    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+    "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": {
+        "builderConfig": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          "A String",
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [
+        {
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+            "a_key": "A String",
+          },
+          "name": "A String",
+        },
+      ],
+    },
+    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
       "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
         "a_key": "A String",
       },
@@ -1990,7 +2535,7 @@ 
Method Details

     "cpe": "A String", # The CPE of the resource being scanned.
     "lastScanTime": "A String", # The last time this resource was scanned.
   },
-  "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+  "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
     "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
       "payload": "A String",
       "payloadType": "A String",
@@ -2002,7 +2547,8 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
       "provenance": {
         "builderConfig": { # required
           "id": "A String",
@@ -2037,15 +2583,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
       "subject": [
         {
-          "digest": { # "": ""
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
           "name": "A String",
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -2192,7 +2772,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
@@ -2499,7 +3079,7 @@ 
Method Details

         ],
       },
       "build": { # Details of a build occurrence. # Describes a verifiable build.
-        "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+        "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
           "builderConfig": { # required
             "id": "A String",
           },
@@ -2515,25 +3095,106 @@ 
Method Details

               "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
               "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
             },
-            "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
-          },
-          "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
-            "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
-              {
+            "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+          },
+          "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+            "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+              {
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+            ],
+            "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+            "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+            "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+              {
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+            ],
+            "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+          },
+        },
+        "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": {
+            "builderConfig": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              "A String",
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+                {
+                  "a_key": "", # Properties of the object. Contains field @type with type URL.
+                },
+              ],
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
                 "a_key": "", # Properties of the object. Contains field @type with type URL.
               },
-            ],
-            "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
-            "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
-            "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
-              {
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
                 "a_key": "", # Properties of the object. Contains field @type with type URL.
               },
-            ],
-            "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
           },
+          "subject": [
+            {
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+                "a_key": "A String",
+              },
+              "name": "A String",
+            },
+          ],
         },
-        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+        "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
           "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
             "a_key": "A String",
           },
@@ -2690,7 +3351,7 @@ 
Method Details

         "cpe": "A String", # The CPE of the resource being scanned.
         "lastScanTime": "A String", # The last time this resource was scanned.
       },
-      "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+      "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
         "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
           "payload": "A String",
           "payloadType": "A String",
@@ -2702,7 +3363,8 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
           "provenance": {
             "builderConfig": { # required
               "id": "A String",
@@ -2737,15 +3399,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
+          "slsaProvenance": {
+            "builder": { # required
+              "id": "A String",
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              {
+                "digest": {
+                  "a_key": "A String",
+                },
+                "uri": "A String",
+              },
+            ],
+            "metadata": { # Other properties of the build.
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
           "subject": [
             {
-              "digest": { # "": ""
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
               "name": "A String",
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -2922,7 +3618,7 @@ 
Method Details

     ],
   },
   "build": { # Details of a build occurrence. # Describes a verifiable build.
-    "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+    "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
       "builderConfig": { # required
         "id": "A String",
       },
@@ -2956,7 +3652,88 @@ 
Method Details

         "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
       },
     },
-    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+    "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": {
+        "builderConfig": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          "A String",
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [
+        {
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+            "a_key": "A String",
+          },
+          "name": "A String",
+        },
+      ],
+    },
+    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
       "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
         "a_key": "A String",
       },
@@ -3113,7 +3890,7 @@ 
Method Details

     "cpe": "A String", # The CPE of the resource being scanned.
     "lastScanTime": "A String", # The last time this resource was scanned.
   },
-  "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+  "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
     "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
       "payload": "A String",
       "payloadType": "A String",
@@ -3125,7 +3902,8 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
       "provenance": {
         "builderConfig": { # required
           "id": "A String",
@@ -3160,15 +3938,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
       "subject": [
         {
-          "digest": { # "": ""
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
           "name": "A String",
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -3328,7 +4140,7 @@ 
Method Details

     ],
   },
   "build": { # Details of a build occurrence. # Describes a verifiable build.
-    "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+    "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
       "builderConfig": { # required
         "id": "A String",
       },
@@ -3362,7 +4174,88 @@ 
Method Details

         "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
       },
     },
-    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+    "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": {
+        "builderConfig": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          "A String",
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+            {
+              "a_key": "", # Properties of the object. Contains field @type with type URL.
+            },
+          ],
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [
+        {
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+            "a_key": "A String",
+          },
+          "name": "A String",
+        },
+      ],
+    },
+    "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
       "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
         "a_key": "A String",
       },
@@ -3519,7 +4412,7 @@ 
Method Details

     "cpe": "A String", # The CPE of the resource being scanned.
     "lastScanTime": "A String", # The last time this resource was scanned.
   },
-  "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+  "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
     "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
       "payload": "A String",
       "payloadType": "A String",
@@ -3531,7 +4424,8 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
       "provenance": {
         "builderConfig": { # required
           "id": "A String",
@@ -3566,15 +4460,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
+      "slsaProvenance": {
+        "builder": { # required
+          "id": "A String",
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          {
+            "digest": {
+              "a_key": "A String",
+            },
+            "uri": "A String",
+          },
+        ],
+        "metadata": { # Other properties of the build.
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
       "subject": [
         {
-          "digest": { # "": ""
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
           "name": "A String",
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
diff --git a/docs/dyn/containeranalysis_v1alpha1.projects.notes.html b/docs/dyn/containeranalysis_v1alpha1.projects.notes.html
index a5198d18272..05d505e465c 100644
--- a/docs/dyn/containeranalysis_v1alpha1.projects.notes.html
+++ b/docs/dyn/containeranalysis_v1alpha1.projects.notes.html
@@ -764,7 +764,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/containeranalysis_v1alpha1.projects.notes.occurrences.html b/docs/dyn/containeranalysis_v1alpha1.projects.notes.occurrences.html
index 06ef16ff2f2..c40b88200a7 100644
--- a/docs/dyn/containeranalysis_v1alpha1.projects.notes.occurrences.html
+++ b/docs/dyn/containeranalysis_v1alpha1.projects.notes.occurrences.html
@@ -373,8 +373,9 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-          "provenance": {
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": { # provenance is a predicate of type intotoprovenance
             "builderConfig": { # required
               "id": "A String",
             },
@@ -408,15 +409,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
-          "subject": [
-            {
-              "digest": { # "": ""
+          "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+            "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+              "id": "A String", # id is the id of the slsa provenance builder
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              { # Material is a material used in the generation of the provenance
+                "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+                  "a_key": "A String",
+                },
+                "uri": "A String", # uri is the uri of the material
+              },
+            ],
+            "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "subject": [ # subject is the subjects of the intoto statement
+            { # Subject refers to the subject of the intoto statement
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
-              "name": "A String",
+              "name": "A String", # name is the name of the Subject used here
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
diff --git a/docs/dyn/containeranalysis_v1alpha1.projects.occurrences.html b/docs/dyn/containeranalysis_v1alpha1.projects.occurrences.html
index 59622299e0a..72932c1d248 100644
--- a/docs/dyn/containeranalysis_v1alpha1.projects.occurrences.html
+++ b/docs/dyn/containeranalysis_v1alpha1.projects.occurrences.html
@@ -389,8 +389,9 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-      "provenance": {
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": { # provenance is a predicate of type intotoprovenance
         "builderConfig": { # required
           "id": "A String",
         },
@@ -424,15 +425,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
-      "subject": [
-        {
-          "digest": { # "": ""
+      "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+        "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+          "id": "A String", # id is the id of the slsa provenance builder
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          { # Material is a material used in the generation of the provenance
+            "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+              "a_key": "A String",
+            },
+            "uri": "A String", # uri is the uri of the material
+          },
+        ],
+        "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [ # subject is the subjects of the intoto statement
+        { # Subject refers to the subject of the intoto statement
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
-          "name": "A String",
+          "name": "A String", # name is the name of the Subject used here
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -858,8 +893,9 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-      "provenance": {
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": { # provenance is a predicate of type intotoprovenance
         "builderConfig": { # required
           "id": "A String",
         },
@@ -893,15 +929,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
-      "subject": [
-        {
-          "digest": { # "": ""
+      "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+        "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+          "id": "A String", # id is the id of the slsa provenance builder
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          { # Material is a material used in the generation of the provenance
+            "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+              "a_key": "A String",
+            },
+            "uri": "A String", # uri is the uri of the material
+          },
+        ],
+        "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [ # subject is the subjects of the intoto statement
+        { # Subject refers to the subject of the intoto statement
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
-          "name": "A String",
+          "name": "A String", # name is the name of the Subject used here
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -1351,8 +1421,9 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-      "provenance": {
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": { # provenance is a predicate of type intotoprovenance
         "builderConfig": { # required
           "id": "A String",
         },
@@ -1386,15 +1457,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
-      "subject": [
-        {
-          "digest": { # "": ""
+      "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+        "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+          "id": "A String", # id is the id of the slsa provenance builder
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          { # Material is a material used in the generation of the provenance
+            "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+              "a_key": "A String",
+            },
+            "uri": "A String", # uri is the uri of the material
+          },
+        ],
+        "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [ # subject is the subjects of the intoto statement
+        { # Subject refers to the subject of the intoto statement
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
-          "name": "A String",
+          "name": "A String", # name is the name of the Subject used here
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -1559,7 +1664,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
@@ -2128,8 +2233,9 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-          "provenance": {
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": { # provenance is a predicate of type intotoprovenance
             "builderConfig": { # required
               "id": "A String",
             },
@@ -2163,15 +2269,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
-          "subject": [
-            {
-              "digest": { # "": ""
+          "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+            "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+              "id": "A String", # id is the id of the slsa provenance builder
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              { # Material is a material used in the generation of the provenance
+                "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+                  "a_key": "A String",
+                },
+                "uri": "A String", # uri is the uri of the material
+              },
+            ],
+            "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "subject": [ # subject is the subjects of the intoto statement
+            { # Subject refers to the subject of the intoto statement
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
-              "name": "A String",
+              "name": "A String", # name is the name of the Subject used here
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -2614,8 +2754,9 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-      "provenance": {
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": { # provenance is a predicate of type intotoprovenance
         "builderConfig": { # required
           "id": "A String",
         },
@@ -2649,15 +2790,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
-      "subject": [
-        {
-          "digest": { # "": ""
+      "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+        "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+          "id": "A String", # id is the id of the slsa provenance builder
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          { # Material is a material used in the generation of the provenance
+            "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+              "a_key": "A String",
+            },
+            "uri": "A String", # uri is the uri of the material
+          },
+        ],
+        "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [ # subject is the subjects of the intoto statement
+        { # Subject refers to the subject of the intoto statement
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
-          "name": "A String",
+          "name": "A String", # name is the name of the Subject used here
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
@@ -3083,8 +3258,9 @@ 
Method Details

       ],
     },
     "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-      "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-      "provenance": {
+      "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+      "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+      "provenance": { # provenance is a predicate of type intotoprovenance
         "builderConfig": { # required
           "id": "A String",
         },
@@ -3118,15 +3294,49 @@ 
Method Details

           "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
         },
       },
-      "subject": [
-        {
-          "digest": { # "": ""
+      "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+        "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+          "id": "A String", # id is the id of the slsa provenance builder
+        },
+        "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+          { # Material is a material used in the generation of the provenance
+            "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+              "a_key": "A String",
+            },
+            "uri": "A String", # uri is the uri of the material
+          },
+        ],
+        "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+          "buildFinishedOn": "A String", # The timestamp of when the build completed.
+          "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+          "buildStartedOn": "A String", # The timestamp of when the build started.
+          "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+            "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+            "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+            "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+          },
+          "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+        },
+        "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+          "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+          "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+          "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+          "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+        },
+      },
+      "subject": [ # subject is the subjects of the intoto statement
+        { # Subject refers to the subject of the intoto statement
+          "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
             "a_key": "A String",
           },
-          "name": "A String",
+          "name": "A String", # name is the name of the Subject used here
         },
       ],
-      "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
     },
   },
   "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
diff --git a/docs/dyn/containeranalysis_v1alpha1.providers.notes.html b/docs/dyn/containeranalysis_v1alpha1.providers.notes.html
index d702cbe9ab4..17509e49908 100644
--- a/docs/dyn/containeranalysis_v1alpha1.providers.notes.html
+++ b/docs/dyn/containeranalysis_v1alpha1.providers.notes.html
@@ -764,7 +764,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/containeranalysis_v1alpha1.providers.notes.occurrences.html b/docs/dyn/containeranalysis_v1alpha1.providers.notes.occurrences.html
index d4fd73a8acc..0c6450438c0 100644
--- a/docs/dyn/containeranalysis_v1alpha1.providers.notes.occurrences.html
+++ b/docs/dyn/containeranalysis_v1alpha1.providers.notes.occurrences.html
@@ -373,8 +373,9 @@ 
Method Details

           ],
         },
         "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
-          "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
-          "provenance": {
+          "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+          "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+          "provenance": { # provenance is a predicate of type intotoprovenance
             "builderConfig": { # required
               "id": "A String",
             },
@@ -408,15 +409,49 @@ 
Method Details

               "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
             },
           },
-          "subject": [
-            {
-              "digest": { # "": ""
+          "slsaProvenance": { # SlsaProvenance is the slsa provenance as defined by the slsa spec. # slsa_provenance is a predicate of type slsaProvenance
+            "builder": { # SlsaBuilder encapsulates the identity of the builder of this provenance. # builder is the builder of this provenance
+              "id": "A String", # id is the id of the slsa provenance builder
+            },
+            "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+              { # Material is a material used in the generation of the provenance
+                "digest": { # digest is a map from a hash algorithm (e.g. sha256) to the value in the material
+                  "a_key": "A String",
+                },
+                "uri": "A String", # uri is the uri of the material
+              },
+            ],
+            "metadata": { # Other properties of the build. # metadata is the metadata of the provenance
+              "buildFinishedOn": "A String", # The timestamp of when the build completed.
+              "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+              "buildStartedOn": "A String", # The timestamp of when the build started.
+              "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+                "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+                "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+                "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+              },
+              "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+            },
+            "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
+              "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+              "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+              "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+              "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+            },
+          },
+          "subject": [ # subject is the subjects of the intoto statement
+            { # Subject refers to the subject of the intoto statement
+              "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
                 "a_key": "A String",
               },
-              "name": "A String",
+              "name": "A String", # name is the name of the Subject used here
             },
           ],
-          "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
         },
       },
       "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
diff --git a/docs/dyn/containeranalysis_v1beta1.projects.notes.html b/docs/dyn/containeranalysis_v1beta1.projects.notes.html
index a75ac71299e..8c01cd70005 100644
--- a/docs/dyn/containeranalysis_v1beta1.projects.notes.html
+++ b/docs/dyn/containeranalysis_v1beta1.projects.notes.html
@@ -1272,7 +1272,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html b/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html
index 207ce97014c..5685046ae09 100644
--- a/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html
+++ b/docs/dyn/containeranalysis_v1beta1.projects.occurrences.html
@@ -2007,7 +2007,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/datapipelines_v1.projects.locations.html b/docs/dyn/datapipelines_v1.projects.locations.html
index 3bb9ef8ea9e..fa95dda142f 100644
--- a/docs/dyn/datapipelines_v1.projects.locations.html
+++ b/docs/dyn/datapipelines_v1.projects.locations.html
@@ -120,6 +120,9 @@ 
Method Details

       "jobCount": 42, # Output only. Number of jobs.
       "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
       "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+      "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+        "a_key": "A String",
+      },
       "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
         "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
         "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
diff --git a/docs/dyn/datapipelines_v1.projects.locations.pipelines.html b/docs/dyn/datapipelines_v1.projects.locations.pipelines.html
index e9b0b0ea86b..2f7291879fc 100644
--- a/docs/dyn/datapipelines_v1.projects.locations.pipelines.html
+++ b/docs/dyn/datapipelines_v1.projects.locations.pipelines.html
@@ -116,6 +116,9 @@ 
Method Details

   "jobCount": 42, # Output only. Number of jobs.
   "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
   "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+  "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+    "a_key": "A String",
+  },
   "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
     "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
     "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
@@ -221,6 +224,9 @@ 
Method Details

   "jobCount": 42, # Output only. Number of jobs.
   "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
   "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+  "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+    "a_key": "A String",
+  },
   "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
     "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
     "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
@@ -351,6 +357,9 @@ 
Method Details

   "jobCount": 42, # Output only. Number of jobs.
   "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
   "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+  "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+    "a_key": "A String",
+  },
   "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
     "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
     "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
@@ -458,6 +467,9 @@ 
Method Details

   "jobCount": 42, # Output only. Number of jobs.
   "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
   "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+  "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+    "a_key": "A String",
+  },
   "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
     "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
     "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
@@ -564,6 +576,9 @@ 
Method Details

   "jobCount": 42, # Output only. Number of jobs.
   "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
   "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+  "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+    "a_key": "A String",
+  },
   "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
     "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
     "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
@@ -733,6 +748,9 @@ 
Method Details

   "jobCount": 42, # Output only. Number of jobs.
   "lastUpdateTime": "A String", # Output only. Immutable. The timestamp when the pipeline was last modified. Set by the Data Pipelines service.
   "name": "A String", # The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.
+  "pipelineSources": { # Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.
+    "a_key": "A String",
+  },
   "scheduleInfo": { # Details of the schedule the pipeline runs on. # Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.
     "nextJobTime": "A String", # Output only. When the next Scheduler job is going to run.
     "schedule": "A String", # Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.
diff --git a/docs/dyn/datastore_v1beta3.projects.html b/docs/dyn/datastore_v1beta3.projects.html
index 68130019c47..5bd9b3632f1 100644
--- a/docs/dyn/datastore_v1beta3.projects.html
+++ b/docs/dyn/datastore_v1beta3.projects.html
@@ -232,40 +232,7 @@ 
Method Details

           ],
         },
         "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
-          "a_key": { # A message that can hold any of the supported value types and associated metadata.
-            "arrayValue": { # An array value. # An array value. Cannot contain another array value. A `Value` instance that sets field `array_value` must not set fields `meaning` or `exclude_from_indexes`.
-              "values": [ # Values in the array. The order of values in an array is preserved as long as all values have identical settings for 'exclude_from_indexes'.
-                # Object with schema name: Value
-              ],
-            },
-            "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
-            "booleanValue": True or False, # A boolean value.
-            "doubleValue": 3.14, # A double value.
-            "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
-            "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
-            "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
-              "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
-              "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
-            },
-            "integerValue": "A String", # An integer value.
-            "keyValue": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # A key value.
-              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
-                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
-                "projectId": "A String", # The ID of the project to which the entities belong.
-              },
-              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
-                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
-                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
-                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                },
-              ],
-            },
-            "meaning": 42, # The `meaning` field should only be populated for backwards compatibility.
-            "nullValue": "A String", # A null value.
-            "stringValue": "A String", # A UTF-8 encoded string value. When `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes. Otherwise, may be set to at most 1,000,000 bytes.
-            "timestampValue": "A String", # A timestamp value. When stored in the Datastore, precise only to microseconds; any additional precision is rounded down.
-          },
+          "a_key": # Object with schema name: Value
         },
       },
       "update": { # A Datastore data object. An entity is limited to 1 megabyte when stored. That _roughly_ corresponds to a limit of 1 megabyte for the serialized form of this message. # The entity to update. The entity must already exist. Must have a complete key path.
@@ -283,40 +250,7 @@ 
Method Details

           ],
         },
         "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
-          "a_key": { # A message that can hold any of the supported value types and associated metadata.
-            "arrayValue": { # An array value. # An array value. Cannot contain another array value. A `Value` instance that sets field `array_value` must not set fields `meaning` or `exclude_from_indexes`.
-              "values": [ # Values in the array. The order of values in an array is preserved as long as all values have identical settings for 'exclude_from_indexes'.
-                # Object with schema name: Value
-              ],
-            },
-            "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
-            "booleanValue": True or False, # A boolean value.
-            "doubleValue": 3.14, # A double value.
-            "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
-            "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
-            "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
-              "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
-              "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
-            },
-            "integerValue": "A String", # An integer value.
-            "keyValue": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # A key value.
-              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
-                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
-                "projectId": "A String", # The ID of the project to which the entities belong.
-              },
-              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
-                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
-                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
-                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                },
-              ],
-            },
-            "meaning": 42, # The `meaning` field should only be populated for backwards compatibility.
-            "nullValue": "A String", # A null value.
-            "stringValue": "A String", # A UTF-8 encoded string value. When `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes. Otherwise, may be set to at most 1,000,000 bytes.
-            "timestampValue": "A String", # A timestamp value. When stored in the Datastore, precise only to microseconds; any additional precision is rounded down.
-          },
+          "a_key": # Object with schema name: Value
         },
       },
       "upsert": { # A Datastore data object. An entity is limited to 1 megabyte when stored. That _roughly_ corresponds to a limit of 1 megabyte for the serialized form of this message. # The entity to upsert. The entity may or may not already exist. The entity key's final path element may be incomplete.
@@ -334,40 +268,7 @@ 
Method Details

           ],
         },
         "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
-          "a_key": { # A message that can hold any of the supported value types and associated metadata.
-            "arrayValue": { # An array value. # An array value. Cannot contain another array value. A `Value` instance that sets field `array_value` must not set fields `meaning` or `exclude_from_indexes`.
-              "values": [ # Values in the array. The order of values in an array is preserved as long as all values have identical settings for 'exclude_from_indexes'.
-                # Object with schema name: Value
-              ],
-            },
-            "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
-            "booleanValue": True or False, # A boolean value.
-            "doubleValue": 3.14, # A double value.
-            "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
-            "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
-            "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
-              "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
-              "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
-            },
-            "integerValue": "A String", # An integer value.
-            "keyValue": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # A key value.
-              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
-                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
-                "projectId": "A String", # The ID of the project to which the entities belong.
-              },
-              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
-                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
-                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
-                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                },
-              ],
-            },
-            "meaning": 42, # The `meaning` field should only be populated for backwards compatibility.
-            "nullValue": "A String", # A null value.
-            "stringValue": "A String", # A UTF-8 encoded string value. When `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes. Otherwise, may be set to at most 1,000,000 bytes.
-            "timestampValue": "A String", # A timestamp value. When stored in the Datastore, precise only to microseconds; any additional precision is rounded down.
-          },
+          "a_key": # Object with schema name: Value
         },
       },
     },
@@ -480,40 +381,7 @@ 
Method Details

           ],
         },
         "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
-          "a_key": { # A message that can hold any of the supported value types and associated metadata.
-            "arrayValue": { # An array value. # An array value. Cannot contain another array value. A `Value` instance that sets field `array_value` must not set fields `meaning` or `exclude_from_indexes`.
-              "values": [ # Values in the array. The order of values in an array is preserved as long as all values have identical settings for 'exclude_from_indexes'.
-                # Object with schema name: Value
-              ],
-            },
-            "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
-            "booleanValue": True or False, # A boolean value.
-            "doubleValue": 3.14, # A double value.
-            "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
-            "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
-            "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
-              "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
-              "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
-            },
-            "integerValue": "A String", # An integer value.
-            "keyValue": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # A key value.
-              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
-                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
-                "projectId": "A String", # The ID of the project to which the entities belong.
-              },
-              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
-                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
-                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
-                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                },
-              ],
-            },
-            "meaning": 42, # The `meaning` field should only be populated for backwards compatibility.
-            "nullValue": "A String", # A null value.
-            "stringValue": "A String", # A UTF-8 encoded string value. When `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes. Otherwise, may be set to at most 1,000,000 bytes.
-            "timestampValue": "A String", # A timestamp value. When stored in the Datastore, precise only to microseconds; any additional precision is rounded down.
-          },
+          "a_key": # Object with schema name: Value
         },
       },
       "version": "A String", # The version of the entity, a strictly positive number that monotonically increases with changes to the entity. This field is set for `FULL` entity results. For missing entities in `LookupResponse`, this is the version of the snapshot that was used to look up the entity, and it is always set except for eventually consistent reads.
@@ -537,40 +405,7 @@ 
Method Details

           ],
         },
         "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
-          "a_key": { # A message that can hold any of the supported value types and associated metadata.
-            "arrayValue": { # An array value. # An array value. Cannot contain another array value. A `Value` instance that sets field `array_value` must not set fields `meaning` or `exclude_from_indexes`.
-              "values": [ # Values in the array. The order of values in an array is preserved as long as all values have identical settings for 'exclude_from_indexes'.
-                # Object with schema name: Value
-              ],
-            },
-            "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
-            "booleanValue": True or False, # A boolean value.
-            "doubleValue": 3.14, # A double value.
-            "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
-            "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
-            "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
-              "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
-              "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
-            },
-            "integerValue": "A String", # An integer value.
-            "keyValue": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # A key value.
-              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
-                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
-                "projectId": "A String", # The ID of the project to which the entities belong.
-              },
-              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
-                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
-                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
-                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                },
-              ],
-            },
-            "meaning": 42, # The `meaning` field should only be populated for backwards compatibility.
-            "nullValue": "A String", # A null value.
-            "stringValue": "A String", # A UTF-8 encoded string value. When `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes. Otherwise, may be set to at most 1,000,000 bytes.
-            "timestampValue": "A String", # A timestamp value. When stored in the Datastore, precise only to microseconds; any additional precision is rounded down.
-          },
+          "a_key": # Object with schema name: Value
         },
       },
       "version": "A String", # The version of the entity, a strictly positive number that monotonically increases with changes to the entity. This field is set for `FULL` entity results. For missing entities in `LookupResponse`, this is the version of the snapshot that was used to look up the entity, and it is always set except for eventually consistent reads.
@@ -668,7 +503,24 @@ 
Method Details

           "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
           "booleanValue": True or False, # A boolean value.
           "doubleValue": 3.14, # A double value.
-          "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+          "entityValue": { # A Datastore data object. An entity is limited to 1 megabyte when stored. That _roughly_ corresponds to a limit of 1 megabyte for the serialized form of this message. # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+            "key": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # The entity's key. An entity must have a key, unless otherwise documented (for example, an entity in `Value.entity_value` may have no key). An entity's kind is its key path's last element's kind, or null if it has no key.
+              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
+                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+                "projectId": "A String", # The ID of the project to which the entities belong.
+              },
+              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
+                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
+                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
+                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                },
+              ],
+            },
+            "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
+              "a_key": # Object with schema name: Value
+            },
+          },
           "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
           "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
             "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
@@ -707,7 +559,24 @@ 
Method Details

           "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
           "booleanValue": True or False, # A boolean value.
           "doubleValue": 3.14, # A double value.
-          "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+          "entityValue": { # A Datastore data object. An entity is limited to 1 megabyte when stored. That _roughly_ corresponds to a limit of 1 megabyte for the serialized form of this message. # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+            "key": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # The entity's key. An entity must have a key, unless otherwise documented (for example, an entity in `Value.entity_value` may have no key). An entity's kind is its key path's last element's kind, or null if it has no key.
+              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
+                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+                "projectId": "A String", # The ID of the project to which the entities belong.
+              },
+              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
+                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
+                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
+                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                },
+              ],
+            },
+            "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
+              "a_key": # Object with schema name: Value
+            },
+          },
           "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
           "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
             "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
@@ -768,7 +637,24 @@ 
Method Details

           "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
           "booleanValue": True or False, # A boolean value.
           "doubleValue": 3.14, # A double value.
-          "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+          "entityValue": { # A Datastore data object. An entity is limited to 1 megabyte when stored. That _roughly_ corresponds to a limit of 1 megabyte for the serialized form of this message. # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+            "key": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # The entity's key. An entity must have a key, unless otherwise documented (for example, an entity in `Value.entity_value` may have no key). An entity's kind is its key path's last element's kind, or null if it has no key.
+              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
+                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+                "projectId": "A String", # The ID of the project to which the entities belong.
+              },
+              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
+                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
+                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
+                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                },
+              ],
+            },
+            "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
+              "a_key": # Object with schema name: Value
+            },
+          },
           "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
           "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
             "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
@@ -855,40 +741,7 @@ 
Method Details

             ],
           },
           "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
-            "a_key": { # A message that can hold any of the supported value types and associated metadata.
-              "arrayValue": { # An array value. # An array value. Cannot contain another array value. A `Value` instance that sets field `array_value` must not set fields `meaning` or `exclude_from_indexes`.
-                "values": [ # Values in the array. The order of values in an array is preserved as long as all values have identical settings for 'exclude_from_indexes'.
-                  # Object with schema name: Value
-                ],
-              },
-              "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
-              "booleanValue": True or False, # A boolean value.
-              "doubleValue": 3.14, # A double value.
-              "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
-              "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
-              "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
-                "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
-                "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
-              },
-              "integerValue": "A String", # An integer value.
-              "keyValue": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # A key value.
-                "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
-                  "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
-                  "projectId": "A String", # The ID of the project to which the entities belong.
-                },
-                "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
-                  { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
-                    "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
-                    "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                    "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
-                  },
-                ],
-              },
-              "meaning": 42, # The `meaning` field should only be populated for backwards compatibility.
-              "nullValue": "A String", # A null value.
-              "stringValue": "A String", # A UTF-8 encoded string value. When `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes. Otherwise, may be set to at most 1,000,000 bytes.
-              "timestampValue": "A String", # A timestamp value. When stored in the Datastore, precise only to microseconds; any additional precision is rounded down.
-            },
+            "a_key": # Object with schema name: Value
           },
         },
         "version": "A String", # The version of the entity, a strictly positive number that monotonically increases with changes to the entity. This field is set for `FULL` entity results. For missing entities in `LookupResponse`, this is the version of the snapshot that was used to look up the entity, and it is always set except for eventually consistent reads.
@@ -927,7 +780,24 @@ 
Method Details

           "blobValue": "A String", # A blob value. May have at most 1,000,000 bytes. When `exclude_from_indexes` is false, may have at most 1500 bytes. In JSON requests, must be base64-encoded.
           "booleanValue": True or False, # A boolean value.
           "doubleValue": 3.14, # A double value.
-          "entityValue": # Object with schema name: Entity # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+          "entityValue": { # A Datastore data object. An entity is limited to 1 megabyte when stored. That _roughly_ corresponds to a limit of 1 megabyte for the serialized form of this message. # An entity value. - May have no key. - May have a key with an incomplete key path. - May have a reserved/read-only key.
+            "key": { # A unique identifier for an entity. If a key's partition ID or any of its path kinds or names are reserved/read-only, the key is reserved/read-only. A reserved/read-only key is forbidden in certain documented contexts. # The entity's key. An entity must have a key, unless otherwise documented (for example, an entity in `Value.entity_value` may have no key). An entity's kind is its key path's last element's kind, or null if it has no key.
+              "partitionId": { # A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. A partition ID contains several dimensions: project ID and namespace ID. Partition dimensions: - May be `""`. - Must be valid UTF-8 bytes. - Must have values that match regex `[A-Za-z\d\.\-_]{1,100}` If the value of any dimension matches regex `__.*__`, the partition is reserved/read-only. A reserved/read-only partition ID is forbidden in certain documented contexts. Foreign partition IDs (in which the project ID does not match the context project ID ) are discouraged. Reads and writes of foreign partition IDs may fail if the project is not in an active state. # Entities are partitioned into subsets, currently identified by a project ID and namespace ID. Queries are scoped to a single partition.
+                "namespaceId": "A String", # If not empty, the ID of the namespace to which the entities belong.
+                "projectId": "A String", # The ID of the project to which the entities belong.
+              },
+              "path": [ # The entity path. An entity path consists of one or more elements composed of a kind and a string or numerical identifier, which identify entities. The first element identifies a _root entity_, the second element identifies a _child_ of the root entity, the third element identifies a child of the second entity, and so forth. The entities identified by all prefixes of the path are called the element's _ancestors_. An entity path is always fully complete: *all* of the entity's ancestors are required to be in the path along with the entity identifier itself. The only exception is that in some documented cases, the identifier in the last path element (for the entity) itself may be omitted. For example, the last path element of the key of `Mutation.insert` may have no identifier. A path can never be empty, and a path can have at most 100 elements.
+                { # A (kind, ID/name) pair used to construct a key path. If either name or ID is set, the element is complete. If neither is set, the element is incomplete.
+                  "id": "A String", # The auto-allocated ID of the entity. Never equal to zero. Values less than zero are discouraged and may not be supported in the future.
+                  "kind": "A String", # The kind of the entity. A kind matching regex `__.*__` is reserved/read-only. A kind must not contain more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                  "name": "A String", # The name of the entity. A name matching regex `__.*__` is reserved/read-only. A name must not be more than 1500 bytes when UTF-8 encoded. Cannot be `""`.
+                },
+              ],
+            },
+            "properties": { # The entity's properties. The map's keys are property names. A property name matching regex `__.*__` is reserved. A reserved property name is forbidden in certain documented contexts. The name must not contain more than 500 characters. The name cannot be `""`.
+              "a_key": # Object with schema name: Value
+            },
+          },
           "excludeFromIndexes": True or False, # If the value should be excluded from all indexes including those defined explicitly.
           "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
             "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
diff --git a/docs/dyn/datastream_v1.html b/docs/dyn/datastream_v1.html
new file mode 100644
index 00000000000..8f66bf82eb1
--- /dev/null
+++ b/docs/dyn/datastream_v1.html
@@ -0,0 +1,111 @@
+
+
+
+
Datastream API

+
Instance Methods

+

+  projects()
+

+
Returns the projects Resource.

+
+

+  close()

+
Close httplib2 connections.

+

+  new_batch_http_request()

+
Create a BatchHttpRequest object based on the discovery document.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    new_batch_http_request()
+  
Create a BatchHttpRequest object based on the discovery document.
+
+        Args:
+          callback: callable, A callback to be called for each response, of the
+            form callback(id, response, exception). The first parameter is the
+            request id, and the second is the deserialized response object. The
+            third is an apiclient.errors.HttpError exception object if an HTTP
+            error occurred while processing the request, or None if no error
+            occurred.
+
+        Returns:
+          A BatchHttpRequest object based on the discovery document.
+        

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/datastream_v1.projects.html b/docs/dyn/datastream_v1.projects.html
new file mode 100644
index 00000000000..bcf277adf72
--- /dev/null
+++ b/docs/dyn/datastream_v1.projects.html
@@ -0,0 +1,91 @@
+
+
+
+
Datastream API . projects

+
Instance Methods

+

+  locations()
+

+
Returns the locations Resource.

+
+

+  close()

+
Close httplib2 connections.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/datastream_v1.projects.locations.html b/docs/dyn/datastream_v1.projects.locations.html
new file mode 100644
index 00000000000..6b2699671c0
--- /dev/null
+++ b/docs/dyn/datastream_v1.projects.locations.html
@@ -0,0 +1,176 @@
+
+
+
+
Datastream API . projects . locations

+
Instance Methods

+

+  operations()
+

+
Returns the operations Resource.

+
+

+  close()

+
Close httplib2 connections.

+

+  get(name, x__xgafv=None)

+
Gets information about a location.

+

+  list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)

+
Lists information about the supported locations for this service.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    get(name, x__xgafv=None)
+  
Gets information about a location.
+
+Args:
+  name: string, Resource name for the location. (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A resource that represents Google Cloud Platform location.
+  "displayName": "A String", # The friendly name for this location, typically a nearby city name. For example, "Tokyo".
+  "labels": { # Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
+    "a_key": "A String",
+  },
+  "locationId": "A String", # The canonical id for this location. For example: `"us-east1"`.
+  "metadata": { # Service-specific metadata. For example the available capacity at the given location.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
+}

+

+
+

+    list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)
+  
Lists information about the supported locations for this service.
+
+Args:
+  name: string, The resource that owns the locations collection, if applicable. (required)
+  filter: string, A filter to narrow down results to a preferred subset. The filtering language accepts strings like "displayName=tokyo", and is documented in more detail in [AIP-160](https://google.aip.dev/160).
+  pageSize: integer, The maximum number of results to return. If not set, the service selects a default.
+  pageToken: string, A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # The response message for Locations.ListLocations.
+  "locations": [ # A list of locations that matches the specified filter in the request.
+    { # A resource that represents Google Cloud Platform location.
+      "displayName": "A String", # The friendly name for this location, typically a nearby city name. For example, "Tokyo".
+      "labels": { # Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
+        "a_key": "A String",
+      },
+      "locationId": "A String", # The canonical id for this location. For example: `"us-east1"`.
+      "metadata": { # Service-specific metadata. For example the available capacity at the given location.
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+      "name": "A String", # Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
+    },
+  ],
+  "nextPageToken": "A String", # The standard List next-page token.
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/datastream_v1.projects.locations.operations.html b/docs/dyn/datastream_v1.projects.locations.operations.html
new file mode 100644
index 00000000000..2dbd1dd1dce
--- /dev/null
+++ b/docs/dyn/datastream_v1.projects.locations.operations.html
@@ -0,0 +1,235 @@
+
+
+
+
Datastream API . projects . locations . operations

+
Instance Methods

+

+  cancel(name, body=None, x__xgafv=None)

+
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.

+

+  close()

+
Close httplib2 connections.

+

+  delete(name, x__xgafv=None)

+
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.

+

+  get(name, x__xgafv=None)

+
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.

+

+  list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)

+
Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+
Method Details

+

+    cancel(name, body=None, x__xgafv=None)
+  
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
+
+Args:
+  name: string, The name of the operation resource to be cancelled. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # The request message for Operations.CancelOperation.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    close()
+  
Close httplib2 connections.

+

+
+

+    delete(name, x__xgafv=None)
+  
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+
+Args:
+  name: string, The name of the operation resource to be deleted. (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
+
+Args:
+  name: string, The name of the operation resource. (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)
+  
Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
+
+Args:
+  name: string, The name of the operation's parent resource. (required)
+  filter: string, The standard list filter.
+  pageSize: integer, The standard list page size.
+  pageToken: string, The standard list page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # The response message for Operations.ListOperations.
+  "nextPageToken": "A String", # The standard List next-page token.
+  "operations": [ # A list of operations that matches the specified filter in the request.
+    { # This resource represents a long-running operation that is the result of a network API call.
+      "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+      "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+      "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    },
+  ],
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/dialogflow_v2.projects.conversationProfiles.html b/docs/dyn/dialogflow_v2.projects.conversationProfiles.html
index efa291c5af9..4d0b547a4ae 100644
--- a/docs/dyn/dialogflow_v2.projects.conversationProfiles.html
+++ b/docs/dyn/dialogflow_v2.projects.conversationProfiles.html
@@ -112,7 +112,7 @@ 
Method Details

 
 { # Defines the services to connect to incoming Dialogflow conversations.
   "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile.
-    "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details.
+    "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used.
   },
   "createTime": "A String", # Output only. Create time of the conversation profile.
   "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes.
@@ -125,7 +125,7 @@ 
Method Details

           },
           "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST.
           "queryConfig": { # Config for suggestion query. # Configs of query.
-            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION.
+            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE.
             "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped.
               "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped.
               "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped.
@@ -165,7 +165,7 @@ 
Method Details

           },
           "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST.
           "queryConfig": { # Config for suggestion query. # Configs of query.
-            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION.
+            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE.
             "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped.
               "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped.
               "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped.
@@ -217,7 +217,7 @@ 
Method Details

       "organizationId": "A String", # Required. The organization ID of the Salesforce account.
     },
   },
-  "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support.
+  "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US".
   "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events.
     "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos.
   },
@@ -230,9 +230,11 @@ 
Method Details

     "messageFormat": "A String", # Format of message.
     "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`.
   },
+  "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`.
   "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription.
     "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request.
   },
+  "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York.
   "updateTime": "A String", # Output only. Update time of the conversation profile.
 }
 
@@ -246,7 +248,7 @@ 
Method Details

 
     { # Defines the services to connect to incoming Dialogflow conversations.
   "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile.
-    "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details.
+    "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used.
   },
   "createTime": "A String", # Output only. Create time of the conversation profile.
   "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes.
@@ -259,7 +261,7 @@ 
Method Details

           },
           "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST.
           "queryConfig": { # Config for suggestion query. # Configs of query.
-            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION.
+            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE.
             "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped.
               "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped.
               "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped.
@@ -299,7 +301,7 @@ 
Method Details

           },
           "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST.
           "queryConfig": { # Config for suggestion query. # Configs of query.
-            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION.
+            "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE.
             "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped.
               "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped.
               "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped.
@@ -351,7 +353,7 @@ 
Method Details

       "organizationId": "A String", # Required. The organization ID of the Salesforce account.
     },
   },
-  "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support.
+  "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US".
   "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events.
     "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos.
   },
@@ -364,9 +366,11 @@ 
Method Details

     "messageFormat": "A String", # Format of message.
     "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`.
   },
+  "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`.
   "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription.
     "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request.
   },
+  "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York.
   "updateTime": "A String", # Output only. Update time of the conversation profile.
 }
@@ -405,7 +409,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -418,7 +422,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -458,7 +462,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -510,7 +514,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -523,9 +527,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } @@ -550,7 +556,7 @@

Method Details

"conversationProfiles": [ # The list of project conversation profiles. There is a maximum number of items returned based on the page_size field in the request. { # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -563,7 +569,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -603,7 +609,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -655,7 +661,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -668,9 +674,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. }, ], @@ -703,7 +711,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -716,7 +724,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -756,7 +764,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -808,7 +816,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -821,9 +829,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } @@ -838,7 +848,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -851,7 +861,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -891,7 +901,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -943,7 +953,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -956,9 +966,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } diff --git a/docs/dyn/dialogflow_v2.projects.locations.conversationProfiles.html b/docs/dyn/dialogflow_v2.projects.locations.conversationProfiles.html index 9bfc147a997..c7187d8449f 100644 --- a/docs/dyn/dialogflow_v2.projects.locations.conversationProfiles.html +++ b/docs/dyn/dialogflow_v2.projects.locations.conversationProfiles.html @@ -112,7 +112,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -125,7 +125,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -165,7 +165,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -217,7 +217,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -230,9 +230,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } @@ -246,7 +248,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -259,7 +261,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -299,7 +301,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -351,7 +353,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -364,9 +366,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } @@ -405,7 +409,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -418,7 +422,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -458,7 +462,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -510,7 +514,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -523,9 +527,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } @@ -550,7 +556,7 @@

Method Details

"conversationProfiles": [ # The list of project conversation profiles. There is a maximum number of items returned based on the page_size field in the request. { # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -563,7 +569,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -603,7 +609,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -655,7 +661,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -668,9 +674,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. }, ], @@ -703,7 +711,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -716,7 +724,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -756,7 +764,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -808,7 +816,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -821,9 +829,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } @@ -838,7 +848,7 @@

Method Details

{ # Defines the services to connect to incoming Dialogflow conversations. "automatedAgentConfig": { # Defines the Automated Agent to connect to a conversation. # Configuration for an automated agent to use with this profile. - "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. + "agent": "A String", # Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used. }, "createTime": "A String", # Output only. Create time of the conversation profile. "displayName": "A String", # Required. Human readable name for this profile. Max length 1024 bytes. @@ -851,7 +861,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -891,7 +901,7 @@

Method Details

}, "enableEventBasedSuggestion": True or False, # Automatically iterates all participants and tries to compile suggestions. Supported features: ARTICLE_SUGGESTION, FAQ, DIALOGFLOW_ASSIST. "queryConfig": { # Config for suggestion query. # Configs of query. - "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION. + "confidenceThreshold": 3.14, # Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE. "contextFilterSettings": { # Settings that determine how to filter recent conversation context when generating suggestions. # Determines how recent conversation context is filtered when generating suggestions. If unspecified, no messages will be dropped. "dropHandoffMessages": True or False, # If set to true, the last message from virtual agent (hand off message) and the message before it (trigger message of hand off) are dropped. "dropIvrMessages": True or False, # If set to true, all messages from ivr stage are dropped. @@ -943,7 +953,7 @@

Method Details

"organizationId": "A String", # Required. The organization ID of the Salesforce account. }, }, - "languageCode": "A String", # Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support. + "languageCode": "A String", # Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: "en-US". "loggingConfig": { # Defines logging behavior for conversation lifecycle events. # Configuration for logging conversation lifecycle events. "enableStackdriverLogging": True or False, # Whether to log conversation events like CONVERSATION_STARTED to Stackdriver in the conversation project as JSON format ConversationEvent protos. }, @@ -956,9 +966,11 @@

Method Details

"messageFormat": "A String", # Format of message. "topic": "A String", # Name of the Pub/Sub topic to publish conversation events like CONVERSATION_STARTED as serialized ConversationEvent protos. Notification works for phone calls, if this topic either is in the same project as the conversation or you grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow Service Agent` role in the topic project. Format: `projects//locations//topics/`. }, + "securitySettings": "A String", # Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`. "sttConfig": { # Configures speech transcription for ConversationProfile. # Settings for speech transcription. "speechModelVariant": "A String", # Optional. The speech model used in speech to text. `SPEECH_MODEL_VARIANT_UNSPECIFIED`, `USE_BEST_AVAILABLE` will be treated as `USE_ENHANCED`. It can be overridden in AnalyzeContentRequest and StreamingAnalyzeContentRequest request. }, + "timeZone": "A String", # The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York. "updateTime": "A String", # Output only. Update time of the conversation profile. } diff --git a/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html b/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html index 5c4a3fdab03..d684be7a575 100644 --- a/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html +++ b/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html @@ -260,41 +260,7 @@

Method Details

{ # A processor version is an implementation of a processor. Each processor can have multiple versions, pre-trained by Google internally or up-trained by the customer. At a time, a processor can only have one default version version. So the processor's behavior (when processing documents) is defined by a default version. "createTime": "A String", # The time the processor version was created. "displayName": "A String", # The display name of the processor version. - "latestEvaluation": { # Gives a short summary of an evaluation, and links to the evaluation itself. # The most recently invoked evaluation for the processor version. - "aggregateMetrics": { # Evaluation metrics, either in aggregate or about a specific entity. # An aggregate of the statistics for the evaluation. - "f1Score": 3.14, # The calculated f1 score. - "falseNegativesCount": 42, # The amount of false negatives. - "falsePositivesCount": 42, # The amount of false positives. - "groundTruthOccurrencesCount": 42, # The amount of occurrences in ground truth documents. - "precision": 3.14, # The calculated precision. - "predictedOccurrencesCount": 42, # The amount of occurrences in predicted documents. - "recall": 3.14, # The calculated recall. - "totalDocumentsCount": 42, # The amount of documents that had an occurrence of this label. - "truePositivesCount": 42, # The amount of true positives. - }, - "evaluation": "A String", # The resource name of the evaluation. - "operation": "A String", # The resource name of the Long Running Operation for the evaluation. - }, "name": "A String", # The resource name of the processor version. Format: projects/{project}/locations/{location}/processors/{processor}/processorVersions/{processor_version} - "schema": { # The schema defines the output of the processed document by a processor. # The schema of the processor version. Describes the output. - "description": "A String", # Description of the schema. - "displayName": "A String", # Display name to show to users. - "entityTypes": [ # Entity types of the schema. - { # EntityType is the wrapper of a label of the corresponding model with detailed attributes and limitations for entity-based processors. Multiple types can also compose a dependency tree to represent nested types. - "baseType": "A String", # Type of the entity. It must be one of the following: `document` - the entity represents a classification of a logical document. `object` - if the entity has properties it is likely an object (or or a document.) `datetime` - the entity is a date or time value. `money` - the entity represents a money value amount. `number` - the entity is a number - integer or floating point. `string` - the entity is a string value. `boolean` - the entity is a boolean value. `address` - the entity is a location address. `duration` - the entity is a duration. - "description": "A String", # Description of the entity type. - "enumValues": [ # If specified, lists all the possible values for this entity. - "A String", - ], - "occurrenceType": "A String", # Occurrence type limits the number of times an entity type appears in the document. - "properties": [ # Describing the nested structure of an entity. An EntityType may consist of several other EntityTypes. For example, in a document there can be an EntityType 'ID', which consists of EntityType 'name' and 'address', with corresponding attributes, such as TEXT for both types and ONCE for occurrence types. - # Object with schema name: GoogleCloudDocumentaiV1SchemaEntityType - ], - "source": "A String", # Source of this entity type. - "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names. - }, - ], - }, "state": "A String", # The state of the processor version. } @@ -321,41 +287,7 @@

Method Details

{ # A processor version is an implementation of a processor. Each processor can have multiple versions, pre-trained by Google internally or up-trained by the customer. At a time, a processor can only have one default version version. So the processor's behavior (when processing documents) is defined by a default version. "createTime": "A String", # The time the processor version was created. "displayName": "A String", # The display name of the processor version. - "latestEvaluation": { # Gives a short summary of an evaluation, and links to the evaluation itself. # The most recently invoked evaluation for the processor version. - "aggregateMetrics": { # Evaluation metrics, either in aggregate or about a specific entity. # An aggregate of the statistics for the evaluation. - "f1Score": 3.14, # The calculated f1 score. - "falseNegativesCount": 42, # The amount of false negatives. - "falsePositivesCount": 42, # The amount of false positives. - "groundTruthOccurrencesCount": 42, # The amount of occurrences in ground truth documents. - "precision": 3.14, # The calculated precision. - "predictedOccurrencesCount": 42, # The amount of occurrences in predicted documents. - "recall": 3.14, # The calculated recall. - "totalDocumentsCount": 42, # The amount of documents that had an occurrence of this label. - "truePositivesCount": 42, # The amount of true positives. - }, - "evaluation": "A String", # The resource name of the evaluation. - "operation": "A String", # The resource name of the Long Running Operation for the evaluation. - }, "name": "A String", # The resource name of the processor version. Format: projects/{project}/locations/{location}/processors/{processor}/processorVersions/{processor_version} - "schema": { # The schema defines the output of the processed document by a processor. # The schema of the processor version. Describes the output. - "description": "A String", # Description of the schema. - "displayName": "A String", # Display name to show to users. - "entityTypes": [ # Entity types of the schema. - { # EntityType is the wrapper of a label of the corresponding model with detailed attributes and limitations for entity-based processors. Multiple types can also compose a dependency tree to represent nested types. - "baseType": "A String", # Type of the entity. It must be one of the following: `document` - the entity represents a classification of a logical document. `object` - if the entity has properties it is likely an object (or or a document.) `datetime` - the entity is a date or time value. `money` - the entity represents a money value amount. `number` - the entity is a number - integer or floating point. `string` - the entity is a string value. `boolean` - the entity is a boolean value. `address` - the entity is a location address. `duration` - the entity is a duration. - "description": "A String", # Description of the entity type. - "enumValues": [ # If specified, lists all the possible values for this entity. - "A String", - ], - "occurrenceType": "A String", # Occurrence type limits the number of times an entity type appears in the document. - "properties": [ # Describing the nested structure of an entity. An EntityType may consist of several other EntityTypes. For example, in a document there can be an EntityType 'ID', which consists of EntityType 'name' and 'address', with corresponding attributes, such as TEXT for both types and ONCE for occurrence types. - # Object with schema name: GoogleCloudDocumentaiV1SchemaEntityType - ], - "source": "A String", # Source of this entity type. - "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names. - }, - ], - }, "state": "A String", # The state of the processor version. }, ], diff --git a/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html b/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html index 56ded75d00b..0aa447d1862 100644 --- a/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html +++ b/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html @@ -269,41 +269,7 @@

Method Details

{ # A processor version is an implementation of a processor. Each processor can have multiple versions, pre-trained by Google internally or up-trained by the customer. At a time, a processor can only have one default version version. So the processor's behavior (when processing documents) is defined by a default version. "createTime": "A String", # The time the processor version was created. "displayName": "A String", # The display name of the processor version. - "latestEvaluation": { # Gives a short summary of an evaluation, and links to the evaluation itself. # The most recently invoked evaluation for the processor version. - "aggregateMetrics": { # Evaluation metrics, either in aggregate or about a specific entity. # An aggregate of the statistics for the evaluation. - "f1Score": 3.14, # The calculated f1 score. - "falseNegativesCount": 42, # The amount of false negatives. - "falsePositivesCount": 42, # The amount of false positives. - "groundTruthOccurrencesCount": 42, # The amount of occurrences in ground truth documents. - "precision": 3.14, # The calculated precision. - "predictedOccurrencesCount": 42, # The amount of occurrences in predicted documents. - "recall": 3.14, # The calculated recall. - "totalDocumentsCount": 42, # The amount of documents that had an occurrence of this label. - "truePositivesCount": 42, # The amount of true positives. - }, - "evaluation": "A String", # The resource name of the evaluation. - "operation": "A String", # The resource name of the Long Running Operation for the evaluation. - }, "name": "A String", # The resource name of the processor version. Format: projects/{project}/locations/{location}/processors/{processor}/processorVersions/{processor_version} - "schema": { # The schema defines the output of the processed document by a processor. # The schema of the processor version. Describes the output. - "description": "A String", # Description of the schema. - "displayName": "A String", # Display name to show to users. - "entityTypes": [ # Entity types of the schema. - { # EntityType is the wrapper of a label of the corresponding model with detailed attributes and limitations for entity-based processors. Multiple types can also compose a dependency tree to represent nested types. - "baseType": "A String", # Type of the entity. It must be one of the following: `document` - the entity represents a classification of a logical document. `object` - if the entity has properties it is likely an object (or or a document.) `datetime` - the entity is a date or time value. `money` - the entity represents a money value amount. `number` - the entity is a number - integer or floating point. `string` - the entity is a string value. `boolean` - the entity is a boolean value. `address` - the entity is a location address. `duration` - the entity is a duration. - "description": "A String", # Description of the entity type. - "enumValues": [ # If specified, lists all the possible values for this entity. - "A String", - ], - "occurrenceType": "A String", # Occurrence type limits the number of times an entity type appears in the document. - "properties": [ # Describing the nested structure of an entity. An EntityType may consist of several other EntityTypes. For example, in a document there can be an EntityType 'ID', which consists of EntityType 'name' and 'address', with corresponding attributes, such as TEXT for both types and ONCE for occurrence types. - # Object with schema name: GoogleCloudDocumentaiV1beta3SchemaEntityType - ], - "source": "A String", # Source of this entity type. - "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names. - }, - ], - }, "state": "A String", # The state of the processor version. } @@ -330,41 +296,7 @@

Method Details

{ # A processor version is an implementation of a processor. Each processor can have multiple versions, pre-trained by Google internally or up-trained by the customer. At a time, a processor can only have one default version version. So the processor's behavior (when processing documents) is defined by a default version. "createTime": "A String", # The time the processor version was created. "displayName": "A String", # The display name of the processor version. - "latestEvaluation": { # Gives a short summary of an evaluation, and links to the evaluation itself. # The most recently invoked evaluation for the processor version. - "aggregateMetrics": { # Evaluation metrics, either in aggregate or about a specific entity. # An aggregate of the statistics for the evaluation. - "f1Score": 3.14, # The calculated f1 score. - "falseNegativesCount": 42, # The amount of false negatives. - "falsePositivesCount": 42, # The amount of false positives. - "groundTruthOccurrencesCount": 42, # The amount of occurrences in ground truth documents. - "precision": 3.14, # The calculated precision. - "predictedOccurrencesCount": 42, # The amount of occurrences in predicted documents. - "recall": 3.14, # The calculated recall. - "totalDocumentsCount": 42, # The amount of documents that had an occurrence of this label. - "truePositivesCount": 42, # The amount of true positives. - }, - "evaluation": "A String", # The resource name of the evaluation. - "operation": "A String", # The resource name of the Long Running Operation for the evaluation. - }, "name": "A String", # The resource name of the processor version. Format: projects/{project}/locations/{location}/processors/{processor}/processorVersions/{processor_version} - "schema": { # The schema defines the output of the processed document by a processor. # The schema of the processor version. Describes the output. - "description": "A String", # Description of the schema. - "displayName": "A String", # Display name to show to users. - "entityTypes": [ # Entity types of the schema. - { # EntityType is the wrapper of a label of the corresponding model with detailed attributes and limitations for entity-based processors. Multiple types can also compose a dependency tree to represent nested types. - "baseType": "A String", # Type of the entity. It must be one of the following: `document` - the entity represents a classification of a logical document. `object` - if the entity has properties it is likely an object (or or a document.) `datetime` - the entity is a date or time value. `money` - the entity represents a money value amount. `number` - the entity is a number - integer or floating point. `string` - the entity is a string value. `boolean` - the entity is a boolean value. `address` - the entity is a location address. `duration` - the entity is a duration. - "description": "A String", # Description of the entity type. - "enumValues": [ # If specified, lists all the possible values for this entity. - "A String", - ], - "occurrenceType": "A String", # Occurrence type limits the number of times an entity type appears in the document. - "properties": [ # Describing the nested structure of an entity. An EntityType may consist of several other EntityTypes. For example, in a document there can be an EntityType 'ID', which consists of EntityType 'name' and 'address', with corresponding attributes, such as TEXT for both types and ONCE for occurrence types. - # Object with schema name: GoogleCloudDocumentaiV1beta3SchemaEntityType - ], - "source": "A String", # Source of this entity type. - "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names. - }, - ], - }, "state": "A String", # The state of the processor version. }, ], diff --git a/docs/dyn/domains_v1.projects.locations.registrations.html b/docs/dyn/domains_v1.projects.locations.registrations.html index e28b11088b1..8d3e28c0cea 100644 --- a/docs/dyn/domains_v1.projects.locations.registrations.html +++ b/docs/dyn/domains_v1.projects.locations.registrations.html @@ -88,10 +88,10 @@

Instance Methods

Updates a `Registration`'s management settings.

delete(name, x__xgafv=None)

-

Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.

+

Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.

export(name, body=None, x__xgafv=None)

-

Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.

+

Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.

get(name, x__xgafv=None)

Gets the details of a `Registration` resource.

@@ -121,7 +121,7 @@

Instance Methods

Gets parameters needed to register a new domain name, including price and up-to-date availability. Use the returned values to call `RegisterDomain`.

retrieveTransferParameters(location, domainName=None, x__xgafv=None)

-

Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.

+

Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.

searchDomains(location, query=None, x__xgafv=None)

Searches for available domain names similar to the provided query. Availability results from this method are approximate; call `RetrieveRegisterParameters` on a domain before registering to confirm availability.

@@ -133,7 +133,7 @@

Instance Methods

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

transfer(parent, body=None, x__xgafv=None)

-

Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.

+

Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.

Method Details

close() @@ -177,7 +177,7 @@

Method Details

}, }, "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`. - "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.* + "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.* "email": "A String", # Required. Email address of the contact. "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`. "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`. @@ -222,7 +222,7 @@

Method Details

}, }, }, - "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` would be `"registrant_contact"`. + "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` is `"registrant_contact"`. "validateOnly": True or False, # Validate the request without actually updating the contact settings. } @@ -305,7 +305,7 @@

Method Details

], }, }, - "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` would be `"custom_dns.name_servers"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` would be `"custom_dns"`. // + "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` is `"custom_dns.name_servers"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` is `"custom_dns"`. // "validateOnly": True or False, # Validate the request without actually updating the DNS settings. } @@ -352,7 +352,7 @@

Method Details

"renewalMethod": "A String", # Output only. The renewal method for this `Registration`. "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar. }, - "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` would be `"transfer_lock_state"`. + "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` is `"transfer_lock_state"`. } x__xgafv: string, V1 error format. @@ -386,7 +386,7 @@

Method Details

delete(name, x__xgafv=None) - 
Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.
+  
Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.
 
 Args:
   name: string, Required. The name of the `Registration` to delete, in the format `projects/*/locations/*/registrations/*`. (required)
@@ -421,7 +421,7 @@ 
Method Details

 
 

     export(name, body=None, x__xgafv=None)
-  
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.
+  
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.
 
 Args:
   name: string, Required. The name of the `Registration` to export, in the format `projects/*/locations/*/registrations/*`. (required)
@@ -499,7 +499,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -598,7 +598,7 @@ 
Method Details

     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
   "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
     "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -622,7 +622,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -680,7 +680,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -767,7 +767,7 @@ 
Method Details

           },
         },
         "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
           "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -866,7 +866,7 @@ 
Method Details

         "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
       },
       "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-      "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+      "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
         "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -890,7 +890,7 @@ 
Method Details

           },
         },
         "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
           "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -992,7 +992,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1091,7 +1091,7 @@ 
Method Details

     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
   "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
     "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1115,7 +1115,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1166,7 +1166,7 @@ 
Method Details

   ],
 }
 
-  updateMask: string, Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` would be `"labels"`.
+  updateMask: string, Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` is `"labels"`.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -1237,7 +1237,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1336,7 +1336,7 @@ 
Method Details

       "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
     },
     "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1360,7 +1360,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1410,7 +1410,7 @@ 
Method Details

       "A String",
     ],
   },
-  "validateOnly": True or False, # When true, only validation will be performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation
+  "validateOnly": True or False, # When true, only validation is performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation
   "yearlyPrice": { # Represents an amount of money with its currency type. # Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from RetrieveRegisterParameters or SearchDomains calls.
     "currencyCode": "A String", # The three-letter currency code defined in ISO 4217.
     "nanos": 42, # Number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If `units` is positive, `nanos` must be positive or zero. If `units` is zero, `nanos` can be positive, zero, or negative. If `units` is negative, `nanos` must be negative or zero. For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000.
@@ -1527,7 +1527,7 @@ 
Method Details

 
 

     retrieveTransferParameters(location, domainName=None, x__xgafv=None)
-  
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.
+  
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.
 
 Args:
   location: string, Required. The location. Must be in the format `projects/*/locations/*`. (required)
@@ -1713,7 +1713,7 @@ 
Method Details

 
 

     transfer(parent, body=None, x__xgafv=None)
-  
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.
+  
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.
 
 Args:
   parent: string, Required. The parent resource of the `Registration`. Must be in the format `projects/*/locations/*`. (required)
@@ -1727,7 +1727,7 @@ 
Method Details

   "contactNotices": [ # The list of contact notices that you acknowledge. The notices needed here depend on the values specified in `registration.contact_settings`.
     "A String",
   ],
-  "registration": { # The `Registration` resource facilitates managing and configuring domain name registrations. There are several ways to create a new `Registration` resource: To create a new `Registration` resource, find a suitable domain name by calling the `SearchDomains` method with a query to see available domain name options. After choosing a name, call `RetrieveRegisterParameters` to ensure availability and obtain information like pricing, which is needed to build a call to `RegisterDomain`. Another way to create a new `Registration` is to transfer an existing domain from another registrar. First, go to the current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to `TransferDomain`. # Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service will not cease upon transfer, as is often the case for DNS services provided for free by the registrar.
+  "registration": { # The `Registration` resource facilitates managing and configuring domain name registrations. There are several ways to create a new `Registration` resource: To create a new `Registration` resource, find a suitable domain name by calling the `SearchDomains` method with a query to see available domain name options. After choosing a name, call `RetrieveRegisterParameters` to ensure availability and obtain information like pricing, which is needed to build a call to `RegisterDomain`. Another way to create a new `Registration` is to transfer an existing domain from another registrar. First, go to the current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to `TransferDomain`. # Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service does not cease upon transfer, as is often the case for DNS services provided for free by the registrar.
     "contactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Required. Settings for contact information linked to the `Registration`. You cannot update these with the `UpdateRegistration` method. To update these settings, use the `ConfigureContactSettings` method.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
@@ -1752,7 +1752,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1851,7 +1851,7 @@ 
Method Details

       "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
     },
     "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1875,7 +1875,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
diff --git a/docs/dyn/domains_v1alpha2.projects.locations.registrations.html b/docs/dyn/domains_v1alpha2.projects.locations.registrations.html
index ed9cba95441..d80d71d21f3 100644
--- a/docs/dyn/domains_v1alpha2.projects.locations.registrations.html
+++ b/docs/dyn/domains_v1alpha2.projects.locations.registrations.html
@@ -88,10 +88,10 @@ 
Instance Methods

 
Updates a `Registration`'s management settings.

 

   delete(name, x__xgafv=None)

-
Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.

+
Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.

 

   export(name, body=None, x__xgafv=None)

-
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.

+
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.

 

   get(name, x__xgafv=None)

 
Gets the details of a `Registration` resource.

@@ -121,7 +121,7 @@ 
Instance Methods

 
Gets parameters needed to register a new domain name, including price and up-to-date availability. Use the returned values to call `RegisterDomain`.

 

   retrieveTransferParameters(location, domainName=None, x__xgafv=None)

-
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.

+
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.

 

   searchDomains(location, query=None, x__xgafv=None)

 
Searches for available domain names similar to the provided query. Availability results from this method are approximate; call `RetrieveRegisterParameters` on a domain before registering to confirm availability.

@@ -133,7 +133,7 @@ 
Instance Methods

 
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

 

   transfer(parent, body=None, x__xgafv=None)

-
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.

+
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.

 
Method Details

 

     close()
@@ -177,7 +177,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -222,7 +222,7 @@ 
Method Details

       },
     },
   },
-  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` would be `"registrant_contact"`.
+  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` is `"registrant_contact"`.
   "validateOnly": True or False, # Validate the request without actually updating the contact settings.
 }
 
@@ -305,7 +305,7 @@ 
Method Details

       ],
     },
   },
-  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` would be `"custom_dns.name_servers"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` would be `"custom_dns"`. //
+  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` is `"custom_dns.name_servers"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` is `"custom_dns"`. //
   "validateOnly": True or False, # Validate the request without actually updating the DNS settings.
 }
 
@@ -352,7 +352,7 @@ 
Method Details

     "renewalMethod": "A String", # Output only. The renewal method for this `Registration`.
     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
-  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` would be `"transfer_lock_state"`.
+  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` is `"transfer_lock_state"`.
 }
 
   x__xgafv: string, V1 error format.
@@ -386,7 +386,7 @@ 
Method Details

 
 

     delete(name, x__xgafv=None)
-  
Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.
+  
Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.
 
 Args:
   name: string, Required. The name of the `Registration` to delete, in the format `projects/*/locations/*/registrations/*`. (required)
@@ -421,7 +421,7 @@ 
Method Details

 
 

     export(name, body=None, x__xgafv=None)
-  
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.
+  
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.
 
 Args:
   name: string, Required. The name of the `Registration` to export, in the format `projects/*/locations/*/registrations/*`. (required)
@@ -499,7 +499,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -598,7 +598,7 @@ 
Method Details

     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
   "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
     "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -622,7 +622,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -680,7 +680,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -767,7 +767,7 @@ 
Method Details

           },
         },
         "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
           "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -866,7 +866,7 @@ 
Method Details

         "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
       },
       "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-      "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+      "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
         "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -890,7 +890,7 @@ 
Method Details

           },
         },
         "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
           "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -992,7 +992,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1091,7 +1091,7 @@ 
Method Details

     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
   "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
     "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1115,7 +1115,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1166,7 +1166,7 @@ 
Method Details

   ],
 }
 
-  updateMask: string, Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` would be `"labels"`.
+  updateMask: string, Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` is `"labels"`.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -1237,7 +1237,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1336,7 +1336,7 @@ 
Method Details

       "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
     },
     "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1360,7 +1360,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1410,7 +1410,7 @@ 
Method Details

       "A String",
     ],
   },
-  "validateOnly": True or False, # When true, only validation will be performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation
+  "validateOnly": True or False, # When true, only validation is performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation
   "yearlyPrice": { # Represents an amount of money with its currency type. # Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from RetrieveRegisterParameters or SearchDomains calls.
     "currencyCode": "A String", # The three-letter currency code defined in ISO 4217.
     "nanos": 42, # Number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If `units` is positive, `nanos` must be positive or zero. If `units` is zero, `nanos` can be positive, zero, or negative. If `units` is negative, `nanos` must be negative or zero. For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000.
@@ -1527,7 +1527,7 @@ 
Method Details

 
 

     retrieveTransferParameters(location, domainName=None, x__xgafv=None)
-  
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.
+  
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.
 
 Args:
   location: string, Required. The location. Must be in the format `projects/*/locations/*`. (required)
@@ -1713,7 +1713,7 @@ 
Method Details

 
 

     transfer(parent, body=None, x__xgafv=None)
-  
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.
+  
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.
 
 Args:
   parent: string, Required. The parent resource of the `Registration`. Must be in the format `projects/*/locations/*`. (required)
@@ -1727,7 +1727,7 @@ 
Method Details

   "contactNotices": [ # The list of contact notices that you acknowledge. The notices needed here depend on the values specified in `registration.contact_settings`.
     "A String",
   ],
-  "registration": { # The `Registration` resource facilitates managing and configuring domain name registrations. There are several ways to create a new `Registration` resource: To create a new `Registration` resource, find a suitable domain name by calling the `SearchDomains` method with a query to see available domain name options. After choosing a name, call `RetrieveRegisterParameters` to ensure availability and obtain information like pricing, which is needed to build a call to `RegisterDomain`. Another way to create a new `Registration` is to transfer an existing domain from another registrar. First, go to the current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to `TransferDomain`. # Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service will not cease upon transfer, as is often the case for DNS services provided for free by the registrar.
+  "registration": { # The `Registration` resource facilitates managing and configuring domain name registrations. There are several ways to create a new `Registration` resource: To create a new `Registration` resource, find a suitable domain name by calling the `SearchDomains` method with a query to see available domain name options. After choosing a name, call `RetrieveRegisterParameters` to ensure availability and obtain information like pricing, which is needed to build a call to `RegisterDomain`. Another way to create a new `Registration` is to transfer an existing domain from another registrar. First, go to the current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to `TransferDomain`. # Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service does not cease upon transfer, as is often the case for DNS services provided for free by the registrar.
     "contactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Required. Settings for contact information linked to the `Registration`. You cannot update these with the `UpdateRegistration` method. To update these settings, use the `ConfigureContactSettings` method.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
@@ -1752,7 +1752,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1851,7 +1851,7 @@ 
Method Details

       "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
     },
     "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1875,7 +1875,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
diff --git a/docs/dyn/domains_v1beta1.projects.locations.registrations.html b/docs/dyn/domains_v1beta1.projects.locations.registrations.html
index f4b456c1ed7..18306fac943 100644
--- a/docs/dyn/domains_v1beta1.projects.locations.registrations.html
+++ b/docs/dyn/domains_v1beta1.projects.locations.registrations.html
@@ -88,10 +88,10 @@ 
Instance Methods

 
Updates a `Registration`'s management settings.

 

   delete(name, x__xgafv=None)

-
Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.

+
Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.

 

   export(name, body=None, x__xgafv=None)

-
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.

+
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.

 

   get(name, x__xgafv=None)

 
Gets the details of a `Registration` resource.

@@ -121,7 +121,7 @@ 
Instance Methods

 
Gets parameters needed to register a new domain name, including price and up-to-date availability. Use the returned values to call `RegisterDomain`.

 

   retrieveTransferParameters(location, domainName=None, x__xgafv=None)

-
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.

+
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.

 

   searchDomains(location, query=None, x__xgafv=None)

 
Searches for available domain names similar to the provided query. Availability results from this method are approximate; call `RetrieveRegisterParameters` on a domain before registering to confirm availability.

@@ -133,7 +133,7 @@ 
Instance Methods

 
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

 

   transfer(parent, body=None, x__xgafv=None)

-
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.

+
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.

 
Method Details

 

     close()
@@ -177,7 +177,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -222,7 +222,7 @@ 
Method Details

       },
     },
   },
-  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` would be `"registrant_contact"`.
+  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` is `"registrant_contact"`.
   "validateOnly": True or False, # Validate the request without actually updating the contact settings.
 }
 
@@ -305,7 +305,7 @@ 
Method Details

       ],
     },
   },
-  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` would be `"custom_dns.name_servers"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` would be `"custom_dns"`. //
+  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` is `"custom_dns.name_servers"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` is `"custom_dns"`. //
   "validateOnly": True or False, # Validate the request without actually updating the DNS settings.
 }
 
@@ -352,7 +352,7 @@ 
Method Details

     "renewalMethod": "A String", # Output only. The renewal method for this `Registration`.
     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
-  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` would be `"transfer_lock_state"`.
+  "updateMask": "A String", # Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` is `"transfer_lock_state"`.
 }
 
   x__xgafv: string, V1 error format.
@@ -386,7 +386,7 @@ 
Method Details

 
 

     delete(name, x__xgafv=None)
-  
Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.
+  
Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.
 
 Args:
   name: string, Required. The name of the `Registration` to delete, in the format `projects/*/locations/*/registrations/*`. (required)
@@ -421,7 +421,7 @@ 
Method Details

 
 

     export(name, body=None, x__xgafv=None)
-  
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.
+  
Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.
 
 Args:
   name: string, Required. The name of the `Registration` to export, in the format `projects/*/locations/*/registrations/*`. (required)
@@ -499,7 +499,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -598,7 +598,7 @@ 
Method Details

     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
   "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
     "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -622,7 +622,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -680,7 +680,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -767,7 +767,7 @@ 
Method Details

           },
         },
         "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
           "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -866,7 +866,7 @@ 
Method Details

         "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
       },
       "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-      "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+      "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
         "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -890,7 +890,7 @@ 
Method Details

           },
         },
         "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+        "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
           "email": "A String", # Required. Email address of the contact.
           "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
           "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -992,7 +992,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1091,7 +1091,7 @@ 
Method Details

     "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
   },
   "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+  "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
     "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1115,7 +1115,7 @@ 
Method Details

       },
     },
     "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+    "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
       "email": "A String", # Required. Email address of the contact.
       "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
       "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1166,7 +1166,7 @@ 
Method Details

   ],
 }
 
-  updateMask: string, Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` would be `"labels"`.
+  updateMask: string, Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` is `"labels"`.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -1237,7 +1237,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1336,7 +1336,7 @@ 
Method Details

       "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
     },
     "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1360,7 +1360,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1410,7 +1410,7 @@ 
Method Details

       "A String",
     ],
   },
-  "validateOnly": True or False, # When true, only validation will be performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation
+  "validateOnly": True or False, # When true, only validation is performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation
   "yearlyPrice": { # Represents an amount of money with its currency type. # Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from RetrieveRegisterParameters or SearchDomains calls.
     "currencyCode": "A String", # The three-letter currency code defined in ISO 4217.
     "nanos": 42, # Number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If `units` is positive, `nanos` must be positive or zero. If `units` is zero, `nanos` can be positive, zero, or negative. If `units` is negative, `nanos` must be negative or zero. For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000.
@@ -1527,7 +1527,7 @@ 
Method Details

 
 

     retrieveTransferParameters(location, domainName=None, x__xgafv=None)
-  
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.
+  
Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.
 
 Args:
   location: string, Required. The location. Must be in the format `projects/*/locations/*`. (required)
@@ -1713,7 +1713,7 @@ 
Method Details

 
 

     transfer(parent, body=None, x__xgafv=None)
-  
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.
+  
Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.
 
 Args:
   parent: string, Required. The parent resource of the `Registration`. Must be in the format `projects/*/locations/*`. (required)
@@ -1727,7 +1727,7 @@ 
Method Details

   "contactNotices": [ # The list of contact notices that you acknowledge. The notices needed here depend on the values specified in `registration.contact_settings`.
     "A String",
   ],
-  "registration": { # The `Registration` resource facilitates managing and configuring domain name registrations. There are several ways to create a new `Registration` resource: To create a new `Registration` resource, find a suitable domain name by calling the `SearchDomains` method with a query to see available domain name options. After choosing a name, call `RetrieveRegisterParameters` to ensure availability and obtain information like pricing, which is needed to build a call to `RegisterDomain`. Another way to create a new `Registration` is to transfer an existing domain from another registrar. First, go to the current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to `TransferDomain`. # Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service will not cease upon transfer, as is often the case for DNS services provided for free by the registrar.
+  "registration": { # The `Registration` resource facilitates managing and configuring domain name registrations. There are several ways to create a new `Registration` resource: To create a new `Registration` resource, find a suitable domain name by calling the `SearchDomains` method with a query to see available domain name options. After choosing a name, call `RetrieveRegisterParameters` to ensure availability and obtain information like pricing, which is needed to build a call to `RegisterDomain`. Another way to create a new `Registration` is to transfer an existing domain from another registrar. First, go to the current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to `TransferDomain`. # Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service does not cease upon transfer, as is often the case for DNS services provided for free by the registrar.
     "contactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Required. Settings for contact information linked to the `Registration`. You cannot update these with the `UpdateRegistration` method. To update these settings, use the `ConfigureContactSettings` method.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
@@ -1752,7 +1752,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1851,7 +1851,7 @@ 
Method Details

       "transferLockState": "A String", # Controls whether the domain can be transferred to another registrar.
     },
     "name": "A String", # Output only. Name of the `Registration` resource, in the format `projects/*/locations/*/registrations/`.
-    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
+    "pendingContactSettings": { # Defines the contact information associated with a `Registration`. [ICANN](https://icann.org/) requires all domain names to have associated contact information. The `registrant_contact` is considered the domain's legal owner, and often the other contacts are identical. # Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.
       "adminContact": { # Details required for a contact associated with a `Registration`. # Required. The administrative contact for the `Registration`.
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
@@ -1875,7 +1875,7 @@ 
Method Details

         },
       },
       "privacy": "A String", # Required. Privacy setting for the contacts associated with the `Registration`.
-      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*
+      "registrantContact": { # Details required for a contact associated with a `Registration`. # Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*
         "email": "A String", # Required. Email address of the contact.
         "faxNumber": "A String", # Fax number of the contact in international format. For example, `"+1-800-555-0123"`.
         "phoneNumber": "A String", # Required. Phone number of the contact in international format. For example, `"+1-800-555-0123"`.
diff --git a/docs/dyn/drive_v2.changes.html b/docs/dyn/drive_v2.changes.html
index ac8e160a3c5..d9c1f11253d 100644
--- a/docs/dyn/drive_v2.changes.html
+++ b/docs/dyn/drive_v2.changes.html
@@ -164,6 +164,7 @@ 
Method Details

     "canComment": True or False, # Deprecated: use capabilities/canComment.
     "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
     "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+      "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
       "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
       "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
       "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -354,6 +355,7 @@ 
Method Details

         "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
         "kind": "drive#permission", # This is always drive#permission.
         "name": "A String", # The name for this permission.
+        "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
         "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
           {
             "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -476,6 +478,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -680,6 +683,7 @@ 
Method Details

         "canComment": True or False, # Deprecated: use capabilities/canComment.
         "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
         "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+          "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
           "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
           "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
           "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -870,6 +874,7 @@ 
Method Details

             "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
             "kind": "drive#permission", # This is always drive#permission.
             "name": "A String", # The name for this permission.
+            "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
             "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
               {
                 "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -992,6 +997,7 @@ 
Method Details

           "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
           "kind": "drive#permission", # This is always drive#permission.
           "name": "A String", # The name for this permission.
+          "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
           "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
             {
               "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
diff --git a/docs/dyn/drive_v2.files.html b/docs/dyn/drive_v2.files.html
index 144e51de080..9746623607b 100644
--- a/docs/dyn/drive_v2.files.html
+++ b/docs/dyn/drive_v2.files.html
@@ -152,6 +152,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -342,6 +343,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -464,6 +466,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -544,6 +547,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -734,6 +738,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -856,6 +861,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -1001,6 +1007,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -1191,6 +1198,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -1313,6 +1321,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -1407,6 +1416,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -1597,6 +1607,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -1719,6 +1730,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -1802,6 +1814,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -1992,6 +2005,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -2114,6 +2128,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -2211,6 +2226,7 @@ 
Method Details

       "canComment": True or False, # Deprecated: use capabilities/canComment.
       "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
       "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+        "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
         "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
         "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
         "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -2401,6 +2417,7 @@ 
Method Details

           "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
           "kind": "drive#permission", # This is always drive#permission.
           "name": "A String", # The name for this permission.
+          "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
           "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
             {
               "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -2523,6 +2540,7 @@ 
Method Details

         "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
         "kind": "drive#permission", # This is always drive#permission.
         "name": "A String", # The name for this permission.
+        "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
         "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
           {
             "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -2615,6 +2633,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -2805,6 +2824,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -2927,6 +2947,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -3017,6 +3038,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -3207,6 +3229,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -3329,6 +3352,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -3405,6 +3429,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -3595,6 +3620,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -3717,6 +3743,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -3793,6 +3820,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -3983,6 +4011,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -4105,6 +4134,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -4181,6 +4211,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -4371,6 +4402,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -4493,6 +4525,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -4565,6 +4598,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -4755,6 +4789,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -4877,6 +4912,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -4969,6 +5005,7 @@ 
Method Details

   "canComment": True or False, # Deprecated: use capabilities/canComment.
   "canReadRevisions": True or False, # Deprecated: use capabilities/canReadRevisions.
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -5159,6 +5196,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -5281,6 +5319,7 @@ 
Method Details

     "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
     "kind": "drive#permission", # This is always drive#permission.
     "name": "A String", # The name for this permission.
+    "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
     "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
       {
         "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
diff --git a/docs/dyn/drive_v2.permissions.html b/docs/dyn/drive_v2.permissions.html
index 24f4acb8f3c..e0235824377 100644
--- a/docs/dyn/drive_v2.permissions.html
+++ b/docs/dyn/drive_v2.permissions.html
@@ -152,6 +152,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -242,6 +243,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -317,6 +319,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -401,6 +404,7 @@ 
Method Details

       "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
       "kind": "drive#permission", # This is always drive#permission.
       "name": "A String", # The name for this permission.
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -495,6 +499,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -568,6 +573,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -643,6 +649,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
@@ -716,6 +723,7 @@ 
Method Details

   "id": "A String", # The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored.
   "kind": "drive#permission", # This is always drive#permission.
   "name": "A String", # The name for this permission.
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "additionalRoles": [ # Additional roles for this user. Only commenter is currently possible, though more may be supported in the future.
diff --git a/docs/dyn/drive_v3.changes.html b/docs/dyn/drive_v3.changes.html
index 86d5675e2a8..24ba61550bc 100644
--- a/docs/dyn/drive_v3.changes.html
+++ b/docs/dyn/drive_v3.changes.html
@@ -189,6 +189,7 @@ 
Method Details

           "a_key": "A String",
         },
         "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+          "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
           "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
           "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
           "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -352,6 +353,7 @@ 
Method Details

                 # - The time cannot be more than a year in the future
             "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
             "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+            "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
             "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
               {
                 "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
diff --git a/docs/dyn/drive_v3.files.html b/docs/dyn/drive_v3.files.html
index 964c76bb578..6a11dfe3cc2 100644
--- a/docs/dyn/drive_v3.files.html
+++ b/docs/dyn/drive_v3.files.html
@@ -140,6 +140,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -303,6 +304,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -412,6 +414,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -575,6 +578,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -682,6 +686,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -845,6 +850,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -957,6 +963,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -1120,6 +1127,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -1295,6 +1303,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -1458,6 +1467,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -1602,6 +1612,7 @@ 
Method Details

         "a_key": "A String",
       },
       "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+        "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
         "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
         "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
         "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -1765,6 +1776,7 @@ 
Method Details

               # - The time cannot be more than a year in the future
           "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
           "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+          "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
           "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
             {
               "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -1892,6 +1904,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -2055,6 +2068,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -2168,6 +2182,7 @@ 
Method Details

     "a_key": "A String",
   },
   "capabilities": { # Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.
+    "canAcceptOwnership": True or False, # Whether the current user is the pending owner of the file. Not populated for shared drive files.
     "canAddChildren": True or False, # Whether the current user can add children to this folder. This is always false when the item is not a folder.
     "canAddFolderFromAnotherDrive": True or False, # Whether the current user can add a folder from another drive (different shared drive or My Drive) to this folder. This is false when the item is not a folder. Only populated for items in shared drives.
     "canAddMyDriveParent": True or False, # Whether the current user can add a parent for the item without removing an existing parent in the same request. Not populated for shared drive files.
@@ -2331,6 +2346,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
diff --git a/docs/dyn/drive_v3.permissions.html b/docs/dyn/drive_v3.permissions.html
index 0b46d51d4e1..79866a93317 100644
--- a/docs/dyn/drive_v3.permissions.html
+++ b/docs/dyn/drive_v3.permissions.html
@@ -126,6 +126,7 @@ 
Method Details

       # - The time cannot be more than a year in the future
   "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
   "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -193,6 +194,7 @@ 
Method Details

       # - The time cannot be more than a year in the future
   "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
   "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -276,6 +278,7 @@ 
Method Details

       # - The time cannot be more than a year in the future
   "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
   "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -352,6 +355,7 @@ 
Method Details

           # - The time cannot be more than a year in the future
       "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
       "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+      "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
       "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
         {
           "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -434,6 +438,7 @@ 
Method Details

       # - The time cannot be more than a year in the future
   "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
   "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
@@ -498,6 +503,7 @@ 
Method Details

       # - The time cannot be more than a year in the future
   "id": "A String", # The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
   "kind": "drive#permission", # Identifies what kind of resource this is. Value: the fixed string "drive#permission".
+  "pendingOwner": True or False, # Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
   "permissionDetails": [ # Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.
     {
       "inherited": True or False, # Whether this permission is inherited. This field is always populated. This is an output-only field.
diff --git a/docs/dyn/eventarc_v1.projects.locations.channels.html b/docs/dyn/eventarc_v1.projects.locations.channels.html
index 88b74a5bcd5..05b63c9285a 100644
--- a/docs/dyn/eventarc_v1.projects.locations.channels.html
+++ b/docs/dyn/eventarc_v1.projects.locations.channels.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/eventarc_v1.projects.locations.triggers.html b/docs/dyn/eventarc_v1.projects.locations.triggers.html
index 3a2a42c6a11..758385c1d69 100644
--- a/docs/dyn/eventarc_v1.projects.locations.triggers.html
+++ b/docs/dyn/eventarc_v1.projects.locations.triggers.html
@@ -285,7 +285,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/eventarc_v1beta1.projects.locations.triggers.html b/docs/dyn/eventarc_v1beta1.projects.locations.triggers.html
index d188af277c0..4cb22568acb 100644
--- a/docs/dyn/eventarc_v1beta1.projects.locations.triggers.html
+++ b/docs/dyn/eventarc_v1beta1.projects.locations.triggers.html
@@ -269,7 +269,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/file_v1.projects.locations.instances.html b/docs/dyn/file_v1.projects.locations.instances.html
index 0e21332efca..0ea3282f181 100644
--- a/docs/dyn/file_v1.projects.locations.instances.html
+++ b/docs/dyn/file_v1.projects.locations.instances.html
@@ -74,6 +74,11 @@
 
 
Cloud Filestore API . projects . locations . instances

 
Instance Methods

+

+  snapshots()
+

+
Returns the snapshots Resource.

+
 

   close()

 
Close httplib2 connections.

@@ -81,7 +86,7 @@ 
Instance Methods

   create(parent, body=None, instanceId=None, x__xgafv=None)

 
Creates an instance. When creating from a backup, the capacity of the new instance needs to be equal to or larger than the capacity of the backup (and also equal to or larger than the minimum capacity of the tier).

 

-  delete(name, x__xgafv=None)

+  delete(name, force=None, x__xgafv=None)

 
Deletes an instance.

 

   get(name, x__xgafv=None)

@@ -135,12 +140,14 @@ 
Method Details

       "sourceBackup": "A String", # The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from.
     },
   ],
+  "kmsKeyName": "A String", # KMS key name used for data encryption.
   "labels": { # Resource labels to represent user provided metadata.
     "a_key": "A String",
   },
   "name": "A String", # Output only. The resource name of the instance, in the format `projects/{project}/locations/{location}/instances/{instance}`.
   "networks": [ # VPC networks to which the instance is connected. For this version, only a single network is supported.
     { # Network configuration for the instance.
+      "connectMode": "A String", # The network connect mode of the Filestore instance. If not provided, the connect mode defaults to DIRECT_PEERING.
       "ipAddresses": [ # Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`.
         "A String",
       ],
@@ -148,12 +155,15 @@ 
Method Details

         "A String",
       ],
       "network": "A String", # The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected.
-      "reservedIpRange": "A String", # A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
+      "reservedIpRange": "A String", # Optional, reserved_ip_range can have one of the following two types of values. * CIDR range value when using DIRECT_PEERING connect mode. * [Allocated IP address range](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address) when using PRIVATE_SERVICE_ACCESS connect mode. When the name of an allocated IP address range is specified, it must be one of the ranges associated with the private service access connection. When specified as a direct CIDR value, it must be a /29 CIDR block for Basic tier or a /24 CIDR block for High Scale or Enterprise tier in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/24. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
     },
   ],
   "satisfiesPzs": True or False, # Output only. Reserved for future use.
   "state": "A String", # Output only. The instance state.
   "statusMessage": "A String", # Output only. Additional information about the instance state, if available.
+  "suspensionReasons": [ # Output only. field indicates all the reasons the instance is in "SUSPENDED" state.
+    "A String",
+  ],
   "tier": "A String", # The service tier of the instance.
 }
 
@@ -188,11 +198,12 @@ 
Method Details

 

 
 

-    delete(name, x__xgafv=None)
+    delete(name, force=None, x__xgafv=None)
   
Deletes an instance.
 
 Args:
   name: string, Required. The instance resource name, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}` (required)
+  force: boolean, If set to true, all snapshots of the instance will also be deleted. (Otherwise, the request will only work if the instance has no snapshots.)
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -258,12 +269,14 @@ 
Method Details

       "sourceBackup": "A String", # The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from.
     },
   ],
+  "kmsKeyName": "A String", # KMS key name used for data encryption.
   "labels": { # Resource labels to represent user provided metadata.
     "a_key": "A String",
   },
   "name": "A String", # Output only. The resource name of the instance, in the format `projects/{project}/locations/{location}/instances/{instance}`.
   "networks": [ # VPC networks to which the instance is connected. For this version, only a single network is supported.
     { # Network configuration for the instance.
+      "connectMode": "A String", # The network connect mode of the Filestore instance. If not provided, the connect mode defaults to DIRECT_PEERING.
       "ipAddresses": [ # Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`.
         "A String",
       ],
@@ -271,12 +284,15 @@ 
Method Details

         "A String",
       ],
       "network": "A String", # The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected.
-      "reservedIpRange": "A String", # A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
+      "reservedIpRange": "A String", # Optional, reserved_ip_range can have one of the following two types of values. * CIDR range value when using DIRECT_PEERING connect mode. * [Allocated IP address range](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address) when using PRIVATE_SERVICE_ACCESS connect mode. When the name of an allocated IP address range is specified, it must be one of the ranges associated with the private service access connection. When specified as a direct CIDR value, it must be a /29 CIDR block for Basic tier or a /24 CIDR block for High Scale or Enterprise tier in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/24. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
     },
   ],
   "satisfiesPzs": True or False, # Output only. Reserved for future use.
   "state": "A String", # Output only. The instance state.
   "statusMessage": "A String", # Output only. Additional information about the instance state, if available.
+  "suspensionReasons": [ # Output only. field indicates all the reasons the instance is in "SUSPENDED" state.
+    "A String",
+  ],
   "tier": "A String", # The service tier of the instance.
 }

 

@@ -323,12 +339,14 @@ 
Method Details

           "sourceBackup": "A String", # The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from.
         },
       ],
+      "kmsKeyName": "A String", # KMS key name used for data encryption.
       "labels": { # Resource labels to represent user provided metadata.
         "a_key": "A String",
       },
       "name": "A String", # Output only. The resource name of the instance, in the format `projects/{project}/locations/{location}/instances/{instance}`.
       "networks": [ # VPC networks to which the instance is connected. For this version, only a single network is supported.
         { # Network configuration for the instance.
+          "connectMode": "A String", # The network connect mode of the Filestore instance. If not provided, the connect mode defaults to DIRECT_PEERING.
           "ipAddresses": [ # Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`.
             "A String",
           ],
@@ -336,12 +354,15 @@ 
Method Details

             "A String",
           ],
           "network": "A String", # The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected.
-          "reservedIpRange": "A String", # A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
+          "reservedIpRange": "A String", # Optional, reserved_ip_range can have one of the following two types of values. * CIDR range value when using DIRECT_PEERING connect mode. * [Allocated IP address range](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address) when using PRIVATE_SERVICE_ACCESS connect mode. When the name of an allocated IP address range is specified, it must be one of the ranges associated with the private service access connection. When specified as a direct CIDR value, it must be a /29 CIDR block for Basic tier or a /24 CIDR block for High Scale or Enterprise tier in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/24. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
         },
       ],
       "satisfiesPzs": True or False, # Output only. Reserved for future use.
       "state": "A String", # Output only. The instance state.
       "statusMessage": "A String", # Output only. Additional information about the instance state, if available.
+      "suspensionReasons": [ # Output only. field indicates all the reasons the instance is in "SUSPENDED" state.
+        "A String",
+      ],
       "tier": "A String", # The service tier of the instance.
     },
   ],
@@ -397,12 +418,14 @@ 
Method Details

       "sourceBackup": "A String", # The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from.
     },
   ],
+  "kmsKeyName": "A String", # KMS key name used for data encryption.
   "labels": { # Resource labels to represent user provided metadata.
     "a_key": "A String",
   },
   "name": "A String", # Output only. The resource name of the instance, in the format `projects/{project}/locations/{location}/instances/{instance}`.
   "networks": [ # VPC networks to which the instance is connected. For this version, only a single network is supported.
     { # Network configuration for the instance.
+      "connectMode": "A String", # The network connect mode of the Filestore instance. If not provided, the connect mode defaults to DIRECT_PEERING.
       "ipAddresses": [ # Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`.
         "A String",
       ],
@@ -410,12 +433,15 @@ 
Method Details

         "A String",
       ],
       "network": "A String", # The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected.
-      "reservedIpRange": "A String", # A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
+      "reservedIpRange": "A String", # Optional, reserved_ip_range can have one of the following two types of values. * CIDR range value when using DIRECT_PEERING connect mode. * [Allocated IP address range](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address) when using PRIVATE_SERVICE_ACCESS connect mode. When the name of an allocated IP address range is specified, it must be one of the ranges associated with the private service access connection. When specified as a direct CIDR value, it must be a /29 CIDR block for Basic tier or a /24 CIDR block for High Scale or Enterprise tier in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/24. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.
     },
   ],
   "satisfiesPzs": True or False, # Output only. Reserved for future use.
   "state": "A String", # Output only. The instance state.
   "statusMessage": "A String", # Output only. Additional information about the instance state, if available.
+  "suspensionReasons": [ # Output only. field indicates all the reasons the instance is in "SUSPENDED" state.
+    "A String",
+  ],
   "tier": "A String", # The service tier of the instance.
 }
 
diff --git a/docs/dyn/file_v1.projects.locations.instances.snapshots.html b/docs/dyn/file_v1.projects.locations.instances.snapshots.html
new file mode 100644
index 00000000000..bcca5a4f75a
--- /dev/null
+++ b/docs/dyn/file_v1.projects.locations.instances.snapshots.html
@@ -0,0 +1,314 @@
+
+
+
+
Cloud Filestore API . projects . locations . instances . snapshots

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  create(parent, body=None, snapshotId=None, x__xgafv=None)

+
Creates a snapshot.

+

+  delete(name, x__xgafv=None)

+
Deletes a snapshot.

+

+  get(name, x__xgafv=None)

+
Gets the details of a specific snapshot.

+

+  list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)

+
Lists all snapshots in a project for either a specified location or for all locations.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates the settings of a specific snapshot.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    create(parent, body=None, snapshotId=None, x__xgafv=None)
+  
Creates a snapshot.
+
+Args:
+  parent: string, Required. The Filestore Instance to create the snapshots of, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}` (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A Filestore snapshot.
+  "createTime": "A String", # Output only. The time when the snapshot was created.
+  "description": "A String", # A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.
+  "filesystemUsedBytes": "A String", # Output only. The amount of bytes needed to allocate a full copy of the snapshot content
+  "labels": { # Resource labels to represent user provided metadata.
+    "a_key": "A String",
+  },
+  "name": "A String", # Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`.
+  "state": "A String", # Output only. The snapshot state.
+}
+
+  snapshotId: string, Required. The ID to use for the snapshot. The ID must be unique within the specified instance. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens, and cannot end with a hyphen.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    delete(name, x__xgafv=None)
+  
Deletes a snapshot.
+
+Args:
+  name: string, Required. The snapshot resource name, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}/snapshots/{snapshot_id}` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Gets the details of a specific snapshot.
+
+Args:
+  name: string, Required. The snapshot resource name, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}/snapshots/{snapshot_id}` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A Filestore snapshot.
+  "createTime": "A String", # Output only. The time when the snapshot was created.
+  "description": "A String", # A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.
+  "filesystemUsedBytes": "A String", # Output only. The amount of bytes needed to allocate a full copy of the snapshot content
+  "labels": { # Resource labels to represent user provided metadata.
+    "a_key": "A String",
+  },
+  "name": "A String", # Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`.
+  "state": "A String", # Output only. The snapshot state.
+}

+

+
+

+    list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)
+  
Lists all snapshots in a project for either a specified location or for all locations.
+
+Args:
+  parent: string, Required. The instance for which to retrieve snapshot information, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}`. (required)
+  filter: string, List filter.
+  orderBy: string, Sort results. Supported values are "name", "name desc" or "" (unsorted).
+  pageSize: integer, The maximum number of items to return.
+  pageToken: string, The next_page_token value to use if there are additional results to retrieve for this list request.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # ListSnapshotsResponse is the result of ListSnapshotsRequest.
+  "nextPageToken": "A String", # The token you can use to retrieve the next page of results. Not returned if there are no more results in the list.
+  "snapshots": [ # A list of snapshots in the project for the specified instance.
+    { # A Filestore snapshot.
+      "createTime": "A String", # Output only. The time when the snapshot was created.
+      "description": "A String", # A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.
+      "filesystemUsedBytes": "A String", # Output only. The amount of bytes needed to allocate a full copy of the snapshot content
+      "labels": { # Resource labels to represent user provided metadata.
+        "a_key": "A String",
+      },
+      "name": "A String", # Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`.
+      "state": "A String", # Output only. The snapshot state.
+    },
+  ],
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates the settings of a specific snapshot.
+
+Args:
+  name: string, Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A Filestore snapshot.
+  "createTime": "A String", # Output only. The time when the snapshot was created.
+  "description": "A String", # A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.
+  "filesystemUsedBytes": "A String", # Output only. The amount of bytes needed to allocate a full copy of the snapshot content
+  "labels": { # Resource labels to represent user provided metadata.
+    "a_key": "A String",
+  },
+  "name": "A String", # Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`.
+  "state": "A String", # Output only. The snapshot state.
+}
+
+  updateMask: string, Required. Mask of fields to update. At least one path must be supplied in this field.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/firebasedynamiclinks_v1.managedShortLinks.html b/docs/dyn/firebasedynamiclinks_v1.managedShortLinks.html
index 3907b813bb2..776ec1de0f7 100644
--- a/docs/dyn/firebasedynamiclinks_v1.managedShortLinks.html
+++ b/docs/dyn/firebasedynamiclinks_v1.managedShortLinks.html
@@ -98,7 +98,7 @@ 
Method Details

   "dynamicLinkInfo": { # Information about a Dynamic Link. # Information about the Dynamic Link to be shortened. [Learn more](https://firebase.google.com/docs/reference/dynamic-links/link-shortener).
     "analyticsInfo": { # Tracking parameters supported by Dynamic Link. # Parameters used for tracking. See all tracking parameters in the [documentation](https://firebase.google.com/docs/dynamic-links/create-manually).
       "googlePlayAnalytics": { # Parameters for Google Play Campaign Measurements. [Learn more](https://developers.google.com/analytics/devguides/collection/android/v4/campaigns#campaign-params) # Google Play Campaign Measurements.
-        "gclid": "A String", # [AdWords autotagging parameter](https://support.google.com/analytics/answer/1033981?hl=en); used to measure Google AdWords ads. This value is generated dynamically and should never be modified.
+        "gclid": "A String", # Deprecated; FDL SDK does not process nor log it.
         "utmCampaign": "A String", # Campaign name; used for keyword analysis to identify a specific product promotion or strategic campaign.
         "utmContent": "A String", # Campaign content; used for A/B testing and content-targeted ads to differentiate ads or links that point to the same URL.
         "utmMedium": "A String", # Campaign medium; used to identify a medium such as email or cost-per-click.
@@ -168,7 +168,7 @@ 
Method Details

     "info": { # Information about a Dynamic Link. # Full Dyamic Link info
       "analyticsInfo": { # Tracking parameters supported by Dynamic Link. # Parameters used for tracking. See all tracking parameters in the [documentation](https://firebase.google.com/docs/dynamic-links/create-manually).
         "googlePlayAnalytics": { # Parameters for Google Play Campaign Measurements. [Learn more](https://developers.google.com/analytics/devguides/collection/android/v4/campaigns#campaign-params) # Google Play Campaign Measurements.
-          "gclid": "A String", # [AdWords autotagging parameter](https://support.google.com/analytics/answer/1033981?hl=en); used to measure Google AdWords ads. This value is generated dynamically and should never be modified.
+          "gclid": "A String", # Deprecated; FDL SDK does not process nor log it.
           "utmCampaign": "A String", # Campaign name; used for keyword analysis to identify a specific product promotion or strategic campaign.
           "utmContent": "A String", # Campaign content; used for A/B testing and content-targeted ads to differentiate ads or links that point to the same URL.
           "utmMedium": "A String", # Campaign medium; used to identify a medium such as email or cost-per-click.
diff --git a/docs/dyn/firebasedynamiclinks_v1.shortLinks.html b/docs/dyn/firebasedynamiclinks_v1.shortLinks.html
index 38e7d1ac875..ee9422b7696 100644
--- a/docs/dyn/firebasedynamiclinks_v1.shortLinks.html
+++ b/docs/dyn/firebasedynamiclinks_v1.shortLinks.html
@@ -98,7 +98,7 @@ 
Method Details

   "dynamicLinkInfo": { # Information about a Dynamic Link. # Information about the Dynamic Link to be shortened. [Learn more](https://firebase.google.com/docs/reference/dynamic-links/link-shortener).
     "analyticsInfo": { # Tracking parameters supported by Dynamic Link. # Parameters used for tracking. See all tracking parameters in the [documentation](https://firebase.google.com/docs/dynamic-links/create-manually).
       "googlePlayAnalytics": { # Parameters for Google Play Campaign Measurements. [Learn more](https://developers.google.com/analytics/devguides/collection/android/v4/campaigns#campaign-params) # Google Play Campaign Measurements.
-        "gclid": "A String", # [AdWords autotagging parameter](https://support.google.com/analytics/answer/1033981?hl=en); used to measure Google AdWords ads. This value is generated dynamically and should never be modified.
+        "gclid": "A String", # Deprecated; FDL SDK does not process nor log it.
         "utmCampaign": "A String", # Campaign name; used for keyword analysis to identify a specific product promotion or strategic campaign.
         "utmContent": "A String", # Campaign content; used for A/B testing and content-targeted ads to differentiate ads or links that point to the same URL.
         "utmMedium": "A String", # Campaign medium; used to identify a medium such as email or cost-per-click.
diff --git a/docs/dyn/firestore_v1beta1.projects.databases.documents.html b/docs/dyn/firestore_v1beta1.projects.databases.documents.html
index 238163834c4..2a1c182059d 100644
--- a/docs/dyn/firestore_v1beta1.projects.databases.documents.html
+++ b/docs/dyn/firestore_v1beta1.projects.databases.documents.html
@@ -175,11 +175,7 @@ 
Method Details

     "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
     "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
       "a_key": { # A message that can hold any of the supported value types.
-        "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-          "values": [ # Values in the array.
-            # Object with schema name: Value
-          ],
-        },
+        "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
         "booleanValue": True or False, # A boolean value.
         "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
         "doubleValue": 3.14, # A double value.
@@ -234,16 +230,31 @@ 
Method Details

           { # A transformation of a field of the document.
             "appendMissingElements": { # An array value. # Append the given elements in order if they are not already present in the current field value. If the field is not an array, or if the field does not yet exist, it is first set to the empty array. Equivalent numbers of different types (e.g. 3L and 3.0) are considered equal when checking if a value is missing. NaN is equal to NaN, and Null is equal to Null. If the input contains multiple equivalent values, only the first will be considered. The corresponding transform_result will be the null value.
               "values": [ # Values in the array.
-                # Object with schema name: Value
+                { # A message that can hold any of the supported value types.
+                  "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                  "booleanValue": True or False, # A boolean value.
+                  "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                  "doubleValue": 3.14, # A double value.
+                  "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                    "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                    "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                  },
+                  "integerValue": "A String", # An integer value.
+                  "mapValue": { # A map value. # A map value.
+                    "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                      "a_key": # Object with schema name: Value
+                    },
+                  },
+                  "nullValue": "A String", # A null value.
+                  "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                  "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                  "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+                },
               ],
             },
             "fieldPath": "A String", # The path of the field. See Document.fields for the field path syntax reference.
             "increment": { # A message that can hold any of the supported value types. # Adds the given value to the field's current value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If either of the given value or the current field value are doubles, both values will be interpreted as doubles. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the field is resolved to the largest magnitude positive/negative integer.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -263,11 +274,7 @@ 
Method Details

               "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
             },
             "maximum": { # A message that can hold any of the supported value types. # Sets the field to the maximum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If a maximum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the larger operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The maximum of a zero stored value and zero input value is always the stored value. The maximum of any numeric value x and NaN is NaN.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -287,11 +294,7 @@ 
Method Details

               "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
             },
             "minimum": { # A message that can hold any of the supported value types. # Sets the field to the minimum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the input value. If a minimum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the smaller operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The minimum of a zero stored value and zero input value is always the stored value. The minimum of any numeric value x and NaN is NaN.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -312,7 +315,26 @@ 
Method Details

             },
             "removeAllFromArray": { # An array value. # Remove all of the given elements from the array in the field. If the field is not an array, or if the field does not yet exist, it is set to the empty array. Equivalent numbers of the different types (e.g. 3L and 3.0) are considered equal when deciding whether an element should be removed. NaN is equal to NaN, and Null is equal to Null. This will remove all equivalent values if there are duplicates. The corresponding transform_result will be the null value.
               "values": [ # Values in the array.
-                # Object with schema name: Value
+                { # A message that can hold any of the supported value types.
+                  "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                  "booleanValue": True or False, # A boolean value.
+                  "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                  "doubleValue": 3.14, # A double value.
+                  "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                    "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                    "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                  },
+                  "integerValue": "A String", # An integer value.
+                  "mapValue": { # A map value. # A map value.
+                    "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                      "a_key": # Object with schema name: Value
+                    },
+                  },
+                  "nullValue": "A String", # A null value.
+                  "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                  "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                  "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+                },
               ],
             },
             "setToServerValue": "A String", # Sets the field to the given server value.
@@ -323,11 +345,7 @@ 
Method Details

         "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
         "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
           "a_key": { # A message that can hold any of the supported value types.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -359,16 +377,31 @@ 
Method Details

         { # A transformation of a field of the document.
           "appendMissingElements": { # An array value. # Append the given elements in order if they are not already present in the current field value. If the field is not an array, or if the field does not yet exist, it is first set to the empty array. Equivalent numbers of different types (e.g. 3L and 3.0) are considered equal when checking if a value is missing. NaN is equal to NaN, and Null is equal to Null. If the input contains multiple equivalent values, only the first will be considered. The corresponding transform_result will be the null value.
             "values": [ # Values in the array.
-              # Object with schema name: Value
+              { # A message that can hold any of the supported value types.
+                "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                "booleanValue": True or False, # A boolean value.
+                "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                "doubleValue": 3.14, # A double value.
+                "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                  "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                  "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                },
+                "integerValue": "A String", # An integer value.
+                "mapValue": { # A map value. # A map value.
+                  "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                    "a_key": # Object with schema name: Value
+                  },
+                },
+                "nullValue": "A String", # A null value.
+                "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+              },
             ],
           },
           "fieldPath": "A String", # The path of the field. See Document.fields for the field path syntax reference.
           "increment": { # A message that can hold any of the supported value types. # Adds the given value to the field's current value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If either of the given value or the current field value are doubles, both values will be interpreted as doubles. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the field is resolved to the largest magnitude positive/negative integer.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -388,11 +421,7 @@ 
Method Details

             "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
           },
           "maximum": { # A message that can hold any of the supported value types. # Sets the field to the maximum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If a maximum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the larger operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The maximum of a zero stored value and zero input value is always the stored value. The maximum of any numeric value x and NaN is NaN.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -412,11 +441,7 @@ 
Method Details

             "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
           },
           "minimum": { # A message that can hold any of the supported value types. # Sets the field to the minimum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the input value. If a minimum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the smaller operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The minimum of a zero stored value and zero input value is always the stored value. The minimum of any numeric value x and NaN is NaN.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -437,7 +462,26 @@ 
Method Details

           },
           "removeAllFromArray": { # An array value. # Remove all of the given elements from the array in the field. If the field is not an array, or if the field does not yet exist, it is set to the empty array. Equivalent numbers of the different types (e.g. 3L and 3.0) are considered equal when deciding whether an element should be removed. NaN is equal to NaN, and Null is equal to Null. This will remove all equivalent values if there are duplicates. The corresponding transform_result will be the null value.
             "values": [ # Values in the array.
-              # Object with schema name: Value
+              { # A message that can hold any of the supported value types.
+                "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                "booleanValue": True or False, # A boolean value.
+                "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                "doubleValue": 3.14, # A double value.
+                "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                  "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                  "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                },
+                "integerValue": "A String", # An integer value.
+                "mapValue": { # A map value. # A map value.
+                  "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                    "a_key": # Object with schema name: Value
+                  },
+                },
+                "nullValue": "A String", # A null value.
+                "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+              },
             ],
           },
           "setToServerValue": "A String", # Sets the field to the given server value.
@@ -471,11 +515,7 @@ 
Method Details

     { # The result of applying a write.
       "transformResults": [ # The results of applying each DocumentTransform.FieldTransform, in the same order.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -563,16 +603,31 @@ 
Method Details

           { # A transformation of a field of the document.
             "appendMissingElements": { # An array value. # Append the given elements in order if they are not already present in the current field value. If the field is not an array, or if the field does not yet exist, it is first set to the empty array. Equivalent numbers of different types (e.g. 3L and 3.0) are considered equal when checking if a value is missing. NaN is equal to NaN, and Null is equal to Null. If the input contains multiple equivalent values, only the first will be considered. The corresponding transform_result will be the null value.
               "values": [ # Values in the array.
-                # Object with schema name: Value
+                { # A message that can hold any of the supported value types.
+                  "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                  "booleanValue": True or False, # A boolean value.
+                  "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                  "doubleValue": 3.14, # A double value.
+                  "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                    "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                    "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                  },
+                  "integerValue": "A String", # An integer value.
+                  "mapValue": { # A map value. # A map value.
+                    "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                      "a_key": # Object with schema name: Value
+                    },
+                  },
+                  "nullValue": "A String", # A null value.
+                  "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                  "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                  "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+                },
               ],
             },
             "fieldPath": "A String", # The path of the field. See Document.fields for the field path syntax reference.
             "increment": { # A message that can hold any of the supported value types. # Adds the given value to the field's current value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If either of the given value or the current field value are doubles, both values will be interpreted as doubles. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the field is resolved to the largest magnitude positive/negative integer.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -592,11 +647,7 @@ 
Method Details

               "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
             },
             "maximum": { # A message that can hold any of the supported value types. # Sets the field to the maximum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If a maximum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the larger operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The maximum of a zero stored value and zero input value is always the stored value. The maximum of any numeric value x and NaN is NaN.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -616,11 +667,7 @@ 
Method Details

               "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
             },
             "minimum": { # A message that can hold any of the supported value types. # Sets the field to the minimum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the input value. If a minimum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the smaller operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The minimum of a zero stored value and zero input value is always the stored value. The minimum of any numeric value x and NaN is NaN.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -641,7 +688,26 @@ 
Method Details

             },
             "removeAllFromArray": { # An array value. # Remove all of the given elements from the array in the field. If the field is not an array, or if the field does not yet exist, it is set to the empty array. Equivalent numbers of the different types (e.g. 3L and 3.0) are considered equal when deciding whether an element should be removed. NaN is equal to NaN, and Null is equal to Null. This will remove all equivalent values if there are duplicates. The corresponding transform_result will be the null value.
               "values": [ # Values in the array.
-                # Object with schema name: Value
+                { # A message that can hold any of the supported value types.
+                  "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                  "booleanValue": True or False, # A boolean value.
+                  "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                  "doubleValue": 3.14, # A double value.
+                  "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                    "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                    "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                  },
+                  "integerValue": "A String", # An integer value.
+                  "mapValue": { # A map value. # A map value.
+                    "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                      "a_key": # Object with schema name: Value
+                    },
+                  },
+                  "nullValue": "A String", # A null value.
+                  "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                  "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                  "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+                },
               ],
             },
             "setToServerValue": "A String", # Sets the field to the given server value.
@@ -652,11 +718,7 @@ 
Method Details

         "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
         "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
           "a_key": { # A message that can hold any of the supported value types.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -688,16 +750,31 @@ 
Method Details

         { # A transformation of a field of the document.
           "appendMissingElements": { # An array value. # Append the given elements in order if they are not already present in the current field value. If the field is not an array, or if the field does not yet exist, it is first set to the empty array. Equivalent numbers of different types (e.g. 3L and 3.0) are considered equal when checking if a value is missing. NaN is equal to NaN, and Null is equal to Null. If the input contains multiple equivalent values, only the first will be considered. The corresponding transform_result will be the null value.
             "values": [ # Values in the array.
-              # Object with schema name: Value
+              { # A message that can hold any of the supported value types.
+                "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                "booleanValue": True or False, # A boolean value.
+                "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                "doubleValue": 3.14, # A double value.
+                "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                  "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                  "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                },
+                "integerValue": "A String", # An integer value.
+                "mapValue": { # A map value. # A map value.
+                  "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                    "a_key": # Object with schema name: Value
+                  },
+                },
+                "nullValue": "A String", # A null value.
+                "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+              },
             ],
           },
           "fieldPath": "A String", # The path of the field. See Document.fields for the field path syntax reference.
           "increment": { # A message that can hold any of the supported value types. # Adds the given value to the field's current value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If either of the given value or the current field value are doubles, both values will be interpreted as doubles. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the field is resolved to the largest magnitude positive/negative integer.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -717,11 +794,7 @@ 
Method Details

             "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
           },
           "maximum": { # A message that can hold any of the supported value types. # Sets the field to the maximum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If a maximum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the larger operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The maximum of a zero stored value and zero input value is always the stored value. The maximum of any numeric value x and NaN is NaN.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -741,11 +814,7 @@ 
Method Details

             "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
           },
           "minimum": { # A message that can hold any of the supported value types. # Sets the field to the minimum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the input value. If a minimum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the smaller operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The minimum of a zero stored value and zero input value is always the stored value. The minimum of any numeric value x and NaN is NaN.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -766,7 +835,26 @@ 
Method Details

           },
           "removeAllFromArray": { # An array value. # Remove all of the given elements from the array in the field. If the field is not an array, or if the field does not yet exist, it is set to the empty array. Equivalent numbers of the different types (e.g. 3L and 3.0) are considered equal when deciding whether an element should be removed. NaN is equal to NaN, and Null is equal to Null. This will remove all equivalent values if there are duplicates. The corresponding transform_result will be the null value.
             "values": [ # Values in the array.
-              # Object with schema name: Value
+              { # A message that can hold any of the supported value types.
+                "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                "booleanValue": True or False, # A boolean value.
+                "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                "doubleValue": 3.14, # A double value.
+                "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                  "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                  "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                },
+                "integerValue": "A String", # An integer value.
+                "mapValue": { # A map value. # A map value.
+                  "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                    "a_key": # Object with schema name: Value
+                  },
+                },
+                "nullValue": "A String", # A null value.
+                "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+              },
             ],
           },
           "setToServerValue": "A String", # Sets the field to the given server value.
@@ -790,11 +878,7 @@ 
Method Details

     { # The result of applying a write.
       "transformResults": [ # The results of applying each DocumentTransform.FieldTransform, in the same order.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -834,11 +918,7 @@ 
Method Details

   "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
   "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
     "a_key": { # A message that can hold any of the supported value types.
-      "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-        "values": [ # Values in the array.
-          # Object with schema name: Value
-        ],
-      },
+      "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
       "booleanValue": True or False, # A boolean value.
       "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
       "doubleValue": 3.14, # A double value.
@@ -876,11 +956,7 @@ 
Method Details

   "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
   "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
     "a_key": { # A message that can hold any of the supported value types.
-      "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-        "values": [ # Values in the array.
-          # Object with schema name: Value
-        ],
-      },
+      "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
       "booleanValue": True or False, # A boolean value.
       "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
       "doubleValue": 3.14, # A double value.
@@ -946,11 +1022,7 @@ 
Method Details

   "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
   "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
     "a_key": { # A message that can hold any of the supported value types.
-      "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-        "values": [ # Values in the array.
-          # Object with schema name: Value
-        ],
-      },
+      "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
       "booleanValue": True or False, # A boolean value.
       "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
       "doubleValue": 3.14, # A double value.
@@ -1003,11 +1075,7 @@ 
Method Details

       "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
       "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
         "a_key": { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1117,11 +1185,7 @@ 
Method Details

           "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
           "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
             { # A message that can hold any of the supported value types.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -1169,11 +1233,7 @@ 
Method Details

           "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
           "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
             { # A message that can hold any of the supported value types.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -1207,11 +1267,7 @@ 
Method Details

             },
             "op": "A String", # The operator to filter by.
             "value": { # A message that can hold any of the supported value types. # The value to compare to.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -1264,11 +1320,7 @@ 
Method Details

       "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
       "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
         "a_key": { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1354,11 +1406,7 @@ 
Method Details

       "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
       "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1406,11 +1454,7 @@ 
Method Details

       "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
       "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1444,11 +1488,7 @@ 
Method Details

         },
         "op": "A String", # The operator to filter by.
         "value": { # A message that can hold any of the supported value types. # The value to compare to.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1493,11 +1533,7 @@ 
Method Details

       "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
       "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1549,11 +1585,7 @@ 
Method Details

   "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
   "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
     "a_key": { # A message that can hold any of the supported value types.
-      "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-        "values": [ # Values in the array.
-          # Object with schema name: Value
-        ],
-      },
+      "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
       "booleanValue": True or False, # A boolean value.
       "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
       "doubleValue": 3.14, # A double value.
@@ -1593,11 +1625,7 @@ 
Method Details

   "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
   "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
     "a_key": { # A message that can hold any of the supported value types.
-      "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-        "values": [ # Values in the array.
-          # Object with schema name: Value
-        ],
-      },
+      "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
       "booleanValue": True or False, # A boolean value.
       "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
       "doubleValue": 3.14, # A double value.
@@ -1671,11 +1699,7 @@ 
Method Details

       "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
       "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1723,11 +1747,7 @@ 
Method Details

       "before": True or False, # If the position is just before or just after the given values, relative to the sort order defined by the query.
       "values": [ # The values that represent a position, in the order they appear in the order by clause of a query. Can contain fewer values than specified in the order by clause.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1761,11 +1781,7 @@ 
Method Details

         },
         "op": "A String", # The operator to filter by.
         "value": { # A message that can hold any of the supported value types. # The value to compare to.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
@@ -1809,11 +1825,7 @@ 
Method Details

     "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
     "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
       "a_key": { # A message that can hold any of the supported value types.
-        "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-          "values": [ # Values in the array.
-            # Object with schema name: Value
-          ],
-        },
+        "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
         "booleanValue": True or False, # A boolean value.
         "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
         "doubleValue": 3.14, # A double value.
@@ -1870,16 +1882,31 @@ 
Method Details

           { # A transformation of a field of the document.
             "appendMissingElements": { # An array value. # Append the given elements in order if they are not already present in the current field value. If the field is not an array, or if the field does not yet exist, it is first set to the empty array. Equivalent numbers of different types (e.g. 3L and 3.0) are considered equal when checking if a value is missing. NaN is equal to NaN, and Null is equal to Null. If the input contains multiple equivalent values, only the first will be considered. The corresponding transform_result will be the null value.
               "values": [ # Values in the array.
-                # Object with schema name: Value
+                { # A message that can hold any of the supported value types.
+                  "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                  "booleanValue": True or False, # A boolean value.
+                  "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                  "doubleValue": 3.14, # A double value.
+                  "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                    "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                    "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                  },
+                  "integerValue": "A String", # An integer value.
+                  "mapValue": { # A map value. # A map value.
+                    "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                      "a_key": # Object with schema name: Value
+                    },
+                  },
+                  "nullValue": "A String", # A null value.
+                  "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                  "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                  "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+                },
               ],
             },
             "fieldPath": "A String", # The path of the field. See Document.fields for the field path syntax reference.
             "increment": { # A message that can hold any of the supported value types. # Adds the given value to the field's current value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If either of the given value or the current field value are doubles, both values will be interpreted as doubles. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the field is resolved to the largest magnitude positive/negative integer.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -1899,11 +1926,7 @@ 
Method Details

               "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
             },
             "maximum": { # A message that can hold any of the supported value types. # Sets the field to the maximum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If a maximum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the larger operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The maximum of a zero stored value and zero input value is always the stored value. The maximum of any numeric value x and NaN is NaN.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -1923,11 +1946,7 @@ 
Method Details

               "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
             },
             "minimum": { # A message that can hold any of the supported value types. # Sets the field to the minimum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the input value. If a minimum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the smaller operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The minimum of a zero stored value and zero input value is always the stored value. The minimum of any numeric value x and NaN is NaN.
-              "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-                "values": [ # Values in the array.
-                  # Object with schema name: Value
-                ],
-              },
+              "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
               "booleanValue": True or False, # A boolean value.
               "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
               "doubleValue": 3.14, # A double value.
@@ -1948,7 +1967,26 @@ 
Method Details

             },
             "removeAllFromArray": { # An array value. # Remove all of the given elements from the array in the field. If the field is not an array, or if the field does not yet exist, it is set to the empty array. Equivalent numbers of the different types (e.g. 3L and 3.0) are considered equal when deciding whether an element should be removed. NaN is equal to NaN, and Null is equal to Null. This will remove all equivalent values if there are duplicates. The corresponding transform_result will be the null value.
               "values": [ # Values in the array.
-                # Object with schema name: Value
+                { # A message that can hold any of the supported value types.
+                  "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                  "booleanValue": True or False, # A boolean value.
+                  "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                  "doubleValue": 3.14, # A double value.
+                  "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                    "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                    "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                  },
+                  "integerValue": "A String", # An integer value.
+                  "mapValue": { # A map value. # A map value.
+                    "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                      "a_key": # Object with schema name: Value
+                    },
+                  },
+                  "nullValue": "A String", # A null value.
+                  "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                  "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                  "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+                },
               ],
             },
             "setToServerValue": "A String", # Sets the field to the given server value.
@@ -1959,11 +1997,7 @@ 
Method Details

         "createTime": "A String", # Output only. The time at which the document was created. This value increases monotonically when a document is deleted then recreated. It can also be compared to values from other documents and the `read_time` of a query.
         "fields": { # The document's fields. The map keys represent field names. A simple field name contains only characters `a` to `z`, `A` to `Z`, `0` to `9`, or `_`, and must not start with `0` to `9`. For example, `foo_bar_17`. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty. Field paths may be used in other contexts to refer to structured fields defined here. For `map_value`, the field path is represented by the simple or quoted field names of the containing fields, delimited by `.`. For example, the structured field `"foo" : { map_value: { "x&y" : { string_value: "hello" }}}` would be represented by the field path `foo.x&y`. Within a field path, a quoted field name starts and ends with `` ` `` and may contain any character. Some characters, including `` ` ``, must be escaped using a `\`. For example, `` `x&y` `` represents `x&y` and `` `bak\`tik` `` represents `` bak`tik ``.
           "a_key": { # A message that can hold any of the supported value types.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -1995,16 +2029,31 @@ 
Method Details

         { # A transformation of a field of the document.
           "appendMissingElements": { # An array value. # Append the given elements in order if they are not already present in the current field value. If the field is not an array, or if the field does not yet exist, it is first set to the empty array. Equivalent numbers of different types (e.g. 3L and 3.0) are considered equal when checking if a value is missing. NaN is equal to NaN, and Null is equal to Null. If the input contains multiple equivalent values, only the first will be considered. The corresponding transform_result will be the null value.
             "values": [ # Values in the array.
-              # Object with schema name: Value
+              { # A message that can hold any of the supported value types.
+                "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                "booleanValue": True or False, # A boolean value.
+                "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                "doubleValue": 3.14, # A double value.
+                "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                  "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                  "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                },
+                "integerValue": "A String", # An integer value.
+                "mapValue": { # A map value. # A map value.
+                  "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                    "a_key": # Object with schema name: Value
+                  },
+                },
+                "nullValue": "A String", # A null value.
+                "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+              },
             ],
           },
           "fieldPath": "A String", # The path of the field. See Document.fields for the field path syntax reference.
           "increment": { # A message that can hold any of the supported value types. # Adds the given value to the field's current value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If either of the given value or the current field value are doubles, both values will be interpreted as doubles. Double arithmetic and representation of double values follow IEEE 754 semantics. If there is positive/negative integer overflow, the field is resolved to the largest magnitude positive/negative integer.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -2024,11 +2073,7 @@ 
Method Details

             "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
           },
           "maximum": { # A message that can hold any of the supported value types. # Sets the field to the maximum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the given value. If a maximum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the larger operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The maximum of a zero stored value and zero input value is always the stored value. The maximum of any numeric value x and NaN is NaN.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -2048,11 +2093,7 @@ 
Method Details

             "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
           },
           "minimum": { # A message that can hold any of the supported value types. # Sets the field to the minimum of its current value and the given value. This must be an integer or a double value. If the field is not an integer or double, or if the field does not yet exist, the transformation will set the field to the input value. If a minimum operation is applied where the field and the input value are of mixed types (that is - one is an integer and one is a double) the field takes on the type of the smaller operand. If the operands are equivalent (e.g. 3 and 3.0), the field does not change. 0, 0.0, and -0.0 are all zero. The minimum of a zero stored value and zero input value is always the stored value. The minimum of any numeric value x and NaN is NaN.
-            "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-              "values": [ # Values in the array.
-                # Object with schema name: Value
-              ],
-            },
+            "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
             "booleanValue": True or False, # A boolean value.
             "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
             "doubleValue": 3.14, # A double value.
@@ -2073,7 +2114,26 @@ 
Method Details

           },
           "removeAllFromArray": { # An array value. # Remove all of the given elements from the array in the field. If the field is not an array, or if the field does not yet exist, it is set to the empty array. Equivalent numbers of the different types (e.g. 3L and 3.0) are considered equal when deciding whether an element should be removed. NaN is equal to NaN, and Null is equal to Null. This will remove all equivalent values if there are duplicates. The corresponding transform_result will be the null value.
             "values": [ # Values in the array.
-              # Object with schema name: Value
+              { # A message that can hold any of the supported value types.
+                "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
+                "booleanValue": True or False, # A boolean value.
+                "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
+                "doubleValue": 3.14, # A double value.
+                "geoPointValue": { # An object that represents a latitude/longitude pair. This is expressed as a pair of doubles to represent degrees latitude and degrees longitude. Unless specified otherwise, this object must conform to the WGS84 standard. Values must be within normalized ranges. # A geo point value representing a point on the surface of Earth.
+                  "latitude": 3.14, # The latitude in degrees. It must be in the range [-90.0, +90.0].
+                  "longitude": 3.14, # The longitude in degrees. It must be in the range [-180.0, +180.0].
+                },
+                "integerValue": "A String", # An integer value.
+                "mapValue": { # A map value. # A map value.
+                  "fields": { # The map's fields. The map keys represent field names. Field names matching the regular expression `__.*__` are reserved. Reserved field names are forbidden except in certain documented contexts. The map keys, represented as UTF-8, must not exceed 1,500 bytes and cannot be empty.
+                    "a_key": # Object with schema name: Value
+                  },
+                },
+                "nullValue": "A String", # A null value.
+                "referenceValue": "A String", # A reference to a document. For example: `projects/{project_id}/databases/{database_id}/documents/{document_path}`.
+                "stringValue": "A String", # A string value. The string, represented as UTF-8, must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes of the UTF-8 representation are considered by queries.
+                "timestampValue": "A String", # A timestamp value. Precise only to microseconds. When stored, any additional precision is rounded down.
+              },
             ],
           },
           "setToServerValue": "A String", # Sets the field to the given server value.
@@ -2099,11 +2159,7 @@ 
Method Details

     { # The result of applying a write.
       "transformResults": [ # The results of applying each DocumentTransform.FieldTransform, in the same order.
         { # A message that can hold any of the supported value types.
-          "arrayValue": { # An array value. # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
-            "values": [ # Values in the array.
-              # Object with schema name: Value
-            ],
-          },
+          "arrayValue": # Object with schema name: ArrayValue # An array value. Cannot directly contain another array value, though can contain an map which contains another array.
           "booleanValue": True or False, # A boolean value.
           "bytesValue": "A String", # A bytes value. Must not exceed 1 MiB - 89 bytes. Only the first 1,500 bytes are considered by queries.
           "doubleValue": 3.14, # A double value.
diff --git a/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.configs.html b/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.configs.html
index 4ce6d399d24..22ff344732f 100644
--- a/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.configs.html
+++ b/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.configs.html
@@ -125,7 +125,7 @@ 
Method Details

       "fleetAutoscalerSpec": "A String", # Required. Agones fleet autoscaler spec. Example spec: https://agones.dev/site/docs/reference/fleetautoscaler/
       "name": "A String", # Required. The name of the Scaling Config
       "schedules": [ # The schedules to which this Scaling Config applies.
-        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration
+        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```
           "cronJobDuration": "A String", # The duration for the cron job event. The duration of the event is effective after the cron job's start time.
           "cronSpec": "A String", # The cron definition of the scheduled event. See https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as defined by the realm.
           "endTime": "A String", # The end time of the event.
@@ -241,7 +241,7 @@ 
Method Details

       "fleetAutoscalerSpec": "A String", # Required. Agones fleet autoscaler spec. Example spec: https://agones.dev/site/docs/reference/fleetautoscaler/
       "name": "A String", # Required. The name of the Scaling Config
       "schedules": [ # The schedules to which this Scaling Config applies.
-        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration
+        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```
           "cronJobDuration": "A String", # The duration for the cron job event. The duration of the event is effective after the cron job's start time.
           "cronSpec": "A String", # The cron definition of the scheduled event. See https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as defined by the realm.
           "endTime": "A String", # The end time of the event.
@@ -299,7 +299,7 @@ 
Method Details

           "fleetAutoscalerSpec": "A String", # Required. Agones fleet autoscaler spec. Example spec: https://agones.dev/site/docs/reference/fleetautoscaler/
           "name": "A String", # Required. The name of the Scaling Config
           "schedules": [ # The schedules to which this Scaling Config applies.
-            { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration
+            { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```
               "cronJobDuration": "A String", # The duration for the cron job event. The duration of the event is effective after the cron job's start time.
               "cronSpec": "A String", # The cron definition of the scheduled event. See https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as defined by the realm.
               "endTime": "A String", # The end time of the event.
diff --git a/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.html b/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.html
index 0aa52dbdc14..ff4eea0a069 100644
--- a/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.html
+++ b/docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.html
@@ -302,7 +302,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.configs.html b/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.configs.html
index 44c8d6cc585..2c5b9c3ed91 100644
--- a/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.configs.html
+++ b/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.configs.html
@@ -125,7 +125,7 @@ 
Method Details

       "fleetAutoscalerSpec": "A String", # Required. Agones fleet autoscaler spec. Example spec: https://agones.dev/site/docs/reference/fleetautoscaler/
       "name": "A String", # Required. The name of the Scaling Config
       "schedules": [ # The schedules to which this Scaling Config applies.
-        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration
+        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```
           "cronJobDuration": "A String", # The duration for the cron job event. The duration of the event is effective after the cron job's start time.
           "cronSpec": "A String", # The cron definition of the scheduled event. See https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as defined by the realm.
           "endTime": "A String", # The end time of the event.
@@ -241,7 +241,7 @@ 
Method Details

       "fleetAutoscalerSpec": "A String", # Required. Agones fleet autoscaler spec. Example spec: https://agones.dev/site/docs/reference/fleetautoscaler/
       "name": "A String", # Required. The name of the Scaling Config
       "schedules": [ # The schedules to which this Scaling Config applies.
-        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration
+        { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```
           "cronJobDuration": "A String", # The duration for the cron job event. The duration of the event is effective after the cron job's start time.
           "cronSpec": "A String", # The cron definition of the scheduled event. See https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as defined by the realm.
           "endTime": "A String", # The end time of the event.
@@ -299,7 +299,7 @@ 
Method Details

           "fleetAutoscalerSpec": "A String", # Required. Agones fleet autoscaler spec. Example spec: https://agones.dev/site/docs/reference/fleetautoscaler/
           "name": "A String", # Required. The name of the Scaling Config
           "schedules": [ # The schedules to which this Scaling Config applies.
-            { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration
+            { # The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```
               "cronJobDuration": "A String", # The duration for the cron job event. The duration of the event is effective after the cron job's start time.
               "cronSpec": "A String", # The cron definition of the scheduled event. See https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as defined by the realm.
               "endTime": "A String", # The end time of the event.
diff --git a/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.html b/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.html
index 5beebe97602..5c722994ca7 100644
--- a/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.html
+++ b/docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.html
@@ -302,7 +302,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/gkehub_v1.projects.locations.features.html b/docs/dyn/gkehub_v1.projects.locations.features.html
index ed970647e0d..d1fb580c29e 100644
--- a/docs/dyn/gkehub_v1.projects.locations.features.html
+++ b/docs/dyn/gkehub_v1.projects.locations.features.html
@@ -134,12 +134,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -234,12 +235,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -409,12 +411,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -509,12 +512,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -594,7 +598,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -672,12 +676,13 @@ 
Method Details

                 "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
                 "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
                 "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-                "secretType": "A String", # Type of secret configured for access to the Git repo.
+                "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
                 "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
                 "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
                 "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
                 "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
               },
+              "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
               "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
             },
             "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -772,12 +777,13 @@ 
Method Details

                   "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
                   "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
                   "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-                  "secretType": "A String", # Type of secret configured for access to the Git repo.
+                  "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
                   "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
                   "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
                   "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
                   "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
                 },
+                "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
                 "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
               },
               "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -891,12 +897,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -991,12 +998,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
diff --git a/docs/dyn/gkehub_v1.projects.locations.memberships.html b/docs/dyn/gkehub_v1.projects.locations.memberships.html
index 11399f3e85d..e931fb60264 100644
--- a/docs/dyn/gkehub_v1.projects.locations.memberships.html
+++ b/docs/dyn/gkehub_v1.projects.locations.memberships.html
@@ -145,6 +145,25 @@ 
Method Details

       "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
       "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
     },
+    "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+      "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+      "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+        "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+        "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+      },
+    },
     "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
       "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
       "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -305,6 +324,25 @@ 
Method Details

       "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
       "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
     },
+    "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+      "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+      "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+        "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+        "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+      },
+    },
     "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
       "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
       "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -335,7 +373,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -421,6 +459,25 @@ 
Method Details

           "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
           "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
         },
+        "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+          "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+            { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+              "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+              "manifest": "A String", # YAML manifest of the resource.
+            },
+          ],
+          "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+          "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+            { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+              "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+              "manifest": "A String", # YAML manifest of the resource.
+            },
+          ],
+          "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+            "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+            "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+          },
+        },
         "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
           "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
           "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -496,6 +553,25 @@ 
Method Details

       "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
       "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
     },
+    "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+      "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+      "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+        "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+        "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+      },
+    },
     "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
       "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
       "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
diff --git a/docs/dyn/gkehub_v1alpha.projects.locations.features.html b/docs/dyn/gkehub_v1alpha.projects.locations.features.html
index 5f14d56b707..5f6be6e5568 100644
--- a/docs/dyn/gkehub_v1alpha.projects.locations.features.html
+++ b/docs/dyn/gkehub_v1alpha.projects.locations.features.html
@@ -137,12 +137,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -270,12 +271,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -528,12 +530,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -661,12 +664,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -826,7 +830,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -907,12 +911,13 @@ 
Method Details

                 "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
                 "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
                 "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-                "secretType": "A String", # Type of secret configured for access to the Git repo.
+                "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
                 "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
                 "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
                 "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
                 "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
               },
+              "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
               "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
             },
             "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -1040,12 +1045,13 @@ 
Method Details

                   "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
                   "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
                   "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-                  "secretType": "A String", # Type of secret configured for access to the Git repo.
+                  "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
                   "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
                   "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
                   "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
                   "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
                 },
+                "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
                 "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
               },
               "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -1242,12 +1248,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -1375,12 +1382,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
diff --git a/docs/dyn/gkehub_v1alpha.projects.locations.memberships.html b/docs/dyn/gkehub_v1alpha.projects.locations.memberships.html
index 6cd6183c1e2..afb187924bb 100644
--- a/docs/dyn/gkehub_v1alpha.projects.locations.memberships.html
+++ b/docs/dyn/gkehub_v1alpha.projects.locations.memberships.html
@@ -151,6 +151,25 @@ 
Method Details

       "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
       "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
     },
+    "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+      "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+      "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+        "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+        "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+      },
+    },
     "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
       "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
       "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -311,6 +330,25 @@ 
Method Details

       "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
       "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
     },
+    "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+      "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+      "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+        "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+        "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+      },
+    },
     "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
       "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
       "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -341,7 +379,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -427,6 +465,25 @@ 
Method Details

           "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
           "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
         },
+        "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+          "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+            { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+              "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+              "manifest": "A String", # YAML manifest of the resource.
+            },
+          ],
+          "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+          "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+            { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+              "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+              "manifest": "A String", # YAML manifest of the resource.
+            },
+          ],
+          "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+            "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+            "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+          },
+        },
         "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
           "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
           "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -499,6 +556,25 @@ 
Method Details

           "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
           "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
         },
+        "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+          "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+            { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+              "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+              "manifest": "A String", # YAML manifest of the resource.
+            },
+          ],
+          "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+          "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+            { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+              "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+              "manifest": "A String", # YAML manifest of the resource.
+            },
+          ],
+          "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+            "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+            "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+          },
+        },
         "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
           "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
           "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
@@ -589,6 +665,25 @@ 
Method Details

       "updateTime": "A String", # Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.
       "vcpuCount": 42, # Output only. vCPU count as reported by Kubernetes nodes resources.
     },
+    "kubernetesResource": { # KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster. # Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.
+      "connectResources": [ # Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "membershipCrManifest": "A String", # Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.
+      "membershipResources": [ # Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.
+        { # ResourceManifest represents a single Kubernetes resource to be applied to the cluster.
+          "clusterScoped": True or False, # Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.
+          "manifest": "A String", # YAML manifest of the resource.
+        },
+      ],
+      "resourceOptions": { # ResourceOptions represent options for Kubernetes resource generation. # Optional. Options for Kubernetes resource generation.
+        "connectVersion": "A String", # Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.
+        "v1beta1Crd": True or False, # Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.
+      },
+    },
     "multiCloudCluster": { # MultiCloudCluster contains information specific to GKE Multi-Cloud clusters. # Optional. Specific information for a GKE Multi-Cloud cluster.
       "clusterMissing": True or False, # Output only. If cluster_missing is set then it denotes that API(gkemulticloud.googleapis.com) resource for this GKE Multi-Cloud cluster no longer exists.
       "resourceLink": "A String", # Immutable. Self-link of the GCP resource for the GKE Multi-Cloud cluster. For example: //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/awsClusters/my-cluster //gkemulticloud.googleapis.com/projects/my-project/locations/us-west1-a/azureClusters/my-cluster
diff --git a/docs/dyn/gkehub_v1alpha2.projects.locations.memberships.html b/docs/dyn/gkehub_v1alpha2.projects.locations.memberships.html
index 1233319742c..e79ac253549 100644
--- a/docs/dyn/gkehub_v1alpha2.projects.locations.memberships.html
+++ b/docs/dyn/gkehub_v1alpha2.projects.locations.memberships.html
@@ -373,7 +373,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/gkehub_v1beta.projects.locations.features.html b/docs/dyn/gkehub_v1beta.projects.locations.features.html
index d960fc2ff31..f91912fbea6 100644
--- a/docs/dyn/gkehub_v1beta.projects.locations.features.html
+++ b/docs/dyn/gkehub_v1beta.projects.locations.features.html
@@ -137,12 +137,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -267,12 +268,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -476,12 +478,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -606,12 +609,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -722,7 +726,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -803,12 +807,13 @@ 
Method Details

                 "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
                 "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
                 "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-                "secretType": "A String", # Type of secret configured for access to the Git repo.
+                "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
                 "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
                 "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
                 "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
                 "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
               },
+              "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
               "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
             },
             "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -933,12 +938,13 @@ 
Method Details

                   "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
                   "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
                   "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-                  "secretType": "A String", # Type of secret configured for access to the Git repo.
+                  "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
                   "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
                   "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
                   "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
                   "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
                 },
+                "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
                 "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
               },
               "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -1086,12 +1092,13 @@ 
Method Details

             "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
             "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
             "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-            "secretType": "A String", # Type of secret configured for access to the Git repo.
+            "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
             "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
             "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
             "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
             "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
           },
+          "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
           "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
         },
         "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
@@ -1216,12 +1223,13 @@ 
Method Details

               "gcpServiceAccountEmail": "A String", # The GCP Service Account Email used for auth when secret_type is gcpServiceAccount.
               "httpsProxy": "A String", # URL for the HTTPS proxy to be used when communicating with the Git repo.
               "policyDir": "A String", # The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.
-              "secretType": "A String", # Type of secret configured for access to the Git repo.
+              "secretType": "A String", # Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.
               "syncBranch": "A String", # The branch of the repository to sync from. Default: master.
               "syncRepo": "A String", # The URL of the Git repository to use as the source of truth.
               "syncRev": "A String", # Git revision (tag or hash) to check out. Default HEAD.
               "syncWaitSecs": "A String", # Period in seconds between consecutive syncs. Default: 15.
             },
+            "preventDrift": True or False, # Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
             "sourceFormat": "A String", # Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.
           },
           "hierarchyController": { # Configuration for Hierarchy Controller # Hierarchy Controller configuration for the cluster.
diff --git a/docs/dyn/gkehub_v1beta.projects.locations.memberships.html b/docs/dyn/gkehub_v1beta.projects.locations.memberships.html
index ca010d17f51..e329116a505 100644
--- a/docs/dyn/gkehub_v1beta.projects.locations.memberships.html
+++ b/docs/dyn/gkehub_v1beta.projects.locations.memberships.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/gkehub_v1beta1.projects.locations.memberships.html b/docs/dyn/gkehub_v1beta1.projects.locations.memberships.html
index c8e37f26bd5..128899f1355 100644
--- a/docs/dyn/gkehub_v1beta1.projects.locations.memberships.html
+++ b/docs/dyn/gkehub_v1beta1.projects.locations.memberships.html
@@ -408,7 +408,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/gmail_v1.users.messages.html b/docs/dyn/gmail_v1.users.messages.html
index f156665c899..fb7781893c2 100644
--- a/docs/dyn/gmail_v1.users.messages.html
+++ b/docs/dyn/gmail_v1.users.messages.html
@@ -96,7 +96,7 @@ 
Instance Methods

 
Gets the specified message.

 

   import_(userId, body=None, deleted=None, internalDateSource=None, media_body=None, media_mime_type=None, neverMarkSpam=None, processForCalendar=None, x__xgafv=None)

-
Imports a message into only this user's mailbox, with standard email delivery scanning and classification similar to receiving via SMTP. Does not send a message. Note: This function doesn't trigger forwarding rules or filters set up by the user.

+
Imports a message into only this user's mailbox, with standard email delivery scanning and classification similar to receiving via SMTP. This method doesn't perform SPF checks, so it might not work for some spam messages, such as those attempting to perform domain spoofing. This method does not send a message. Note: This function doesn't trigger forwarding rules or filters set up by the user.

 

   insert(userId, body=None, deleted=None, internalDateSource=None, media_body=None, media_mime_type=None, x__xgafv=None)

 
Directly inserts a message into only this user's mailbox similar to `IMAP APPEND`, bypassing most scanning and classification. Does not send a message.

@@ -245,7 +245,7 @@ 
Method Details

 
 

     import_(userId, body=None, deleted=None, internalDateSource=None, media_body=None, media_mime_type=None, neverMarkSpam=None, processForCalendar=None, x__xgafv=None)
-  
Imports a message into only this user's mailbox, with standard email delivery scanning and classification similar to receiving via SMTP. Does not send a message. Note: This function doesn't trigger forwarding rules or filters set up by the user.
+  
Imports a message into only this user's mailbox, with standard email delivery scanning and classification similar to receiving via SMTP. This method doesn't perform SPF checks, so it might not work for some spam messages, such as those attempting to perform domain spoofing. This method does not send a message. Note: This function doesn't trigger forwarding rules or filters set up by the user.
 
 Args:
   userId: string, The user's email address. The special value `me` can be used to indicate the authenticated user. (required)
diff --git a/docs/dyn/healthcare_v1.projects.locations.datasets.dicomStores.html b/docs/dyn/healthcare_v1.projects.locations.datasets.dicomStores.html
index 15f41dd34d8..3248a322b16 100644
--- a/docs/dyn/healthcare_v1.projects.locations.datasets.dicomStores.html
+++ b/docs/dyn/healthcare_v1.projects.locations.datasets.dicomStores.html
@@ -201,6 +201,7 @@ 
Method Details

       "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
     },
     "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
+      "defaultKeepExtensions": True or False, # The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.
       "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`.
         { # Specifies FHIR paths to match, and how to handle de-identification of matching fields.
           "action": "A String", # Deidentify action for one field.
diff --git a/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html b/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html
index 9ec334384bf..7566cc9b687 100644
--- a/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html
+++ b/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html
@@ -241,6 +241,7 @@ 
Method Details

       "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
     },
     "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
+      "defaultKeepExtensions": True or False, # The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.
       "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`.
         { # Specifies FHIR paths to match, and how to handle de-identification of matching fields.
           "action": "A String", # Deidentify action for one field.
diff --git a/docs/dyn/healthcare_v1.projects.locations.datasets.html b/docs/dyn/healthcare_v1.projects.locations.datasets.html
index 3fcb7a3f137..c0eb8db3135 100644
--- a/docs/dyn/healthcare_v1.projects.locations.datasets.html
+++ b/docs/dyn/healthcare_v1.projects.locations.datasets.html
@@ -208,6 +208,7 @@ 
Method Details

       "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
     },
     "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
+      "defaultKeepExtensions": True or False, # The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.
       "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`.
         { # Specifies FHIR paths to match, and how to handle de-identification of matching fields.
           "action": "A String", # Deidentify action for one field.
diff --git a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.dicomStores.html b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.dicomStores.html
index 88c983bf9ae..fda7970d533 100644
--- a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.dicomStores.html
+++ b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.dicomStores.html
@@ -225,6 +225,7 @@ 
Method Details

       "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
     },
     "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
+      "defaultKeepExtensions": True or False, # The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.
       "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.
         { # Specifies FHIR paths to match, and how to handle de-identification of matching fields.
           "action": "A String", # Deidentify action for one field.
diff --git a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html
index cd36732497d..732ab80a03f 100644
--- a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html
+++ b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html
@@ -319,6 +319,7 @@ 
Method Details

       "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
     },
     "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
+      "defaultKeepExtensions": True or False, # The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.
       "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.
         { # Specifies FHIR paths to match, and how to handle de-identification of matching fields.
           "action": "A String", # Deidentify action for one field.
diff --git a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.html b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.html
index e31109c7c1a..b86cdcd10ab 100644
--- a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.html
+++ b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.html
@@ -217,6 +217,7 @@ 
Method Details

       "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. The Cloud Healthcare API regenerates these UIDs by default based on the DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly to an individual out of context, given access to the original images, or to a database of the original images containing the UIDs, it would be possible to recover the individual's identity." http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
     },
     "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
+      "defaultKeepExtensions": True or False, # The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.
       "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.
         { # Specifies FHIR paths to match, and how to handle de-identification of matching fields.
           "action": "A String", # Deidentify action for one field.
diff --git a/docs/dyn/iam_v1.projects.serviceAccounts.html b/docs/dyn/iam_v1.projects.serviceAccounts.html
index 0155aa24f60..6b6d3af98f4 100644
--- a/docs/dyn/iam_v1.projects.serviceAccounts.html
+++ b/docs/dyn/iam_v1.projects.serviceAccounts.html
@@ -277,7 +277,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/iap_v1.v1.html b/docs/dyn/iap_v1.v1.html
index 1da23e5b87d..7f165b7fdf5 100644
--- a/docs/dyn/iap_v1.v1.html
+++ b/docs/dyn/iap_v1.v1.html
@@ -109,7 +109,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/iap_v1beta1.v1beta1.html b/docs/dyn/iap_v1beta1.v1beta1.html
index 2088e2df349..0925087bcd0 100644
--- a/docs/dyn/iap_v1beta1.v1beta1.html
+++ b/docs/dyn/iap_v1beta1.v1beta1.html
@@ -103,7 +103,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/index.md b/docs/dyn/index.md
index c1b898ad666..cab18eb10d6 100644
--- a/docs/dyn/index.md
+++ b/docs/dyn/index.md
@@ -356,6 +356,7 @@
 
 
 ## datastream
+* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/datastream_v1.html)
 * [v1alpha1](http://googleapis.github.io/google-api-python-client/docs/dyn/datastream_v1alpha1.html)
 
 
@@ -1015,10 +1016,6 @@
 * [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/webfonts_v1.html)
 
 
-## webmasters
-* [v3](http://googleapis.github.io/google-api-python-client/docs/dyn/webmasters_v3.html)
-
-
 ## webrisk
 * [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/webrisk_v1.html)
 
diff --git a/docs/dyn/managedidentities_v1.projects.locations.global_.domains.html b/docs/dyn/managedidentities_v1.projects.locations.global_.domains.html
index e55f2f48930..36b4e8e2708 100644
--- a/docs/dyn/managedidentities_v1.projects.locations.global_.domains.html
+++ b/docs/dyn/managedidentities_v1.projects.locations.global_.domains.html
@@ -419,7 +419,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -428,19 +428,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -716,19 +716,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -744,19 +744,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1.projects.locations.global_.peerings.html b/docs/dyn/managedidentities_v1.projects.locations.global_.peerings.html
index 8874f995d14..3f9a6b8dff5 100644
--- a/docs/dyn/managedidentities_v1.projects.locations.global_.peerings.html
+++ b/docs/dyn/managedidentities_v1.projects.locations.global_.peerings.html
@@ -231,7 +231,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -240,19 +240,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -376,19 +376,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -404,19 +404,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.backups.html b/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.backups.html
index f963895fdff..665071afdad 100644
--- a/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.backups.html
+++ b/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.backups.html
@@ -229,7 +229,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -238,19 +238,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -372,19 +372,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -400,19 +400,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.html b/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.html
index 7d1f27fd03f..b1ade2ca142 100644
--- a/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.html
+++ b/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.domains.html
@@ -427,7 +427,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -436,19 +436,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -777,19 +777,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -805,19 +805,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.peerings.html b/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.peerings.html
index 011ed97b0ce..d815d413bf3 100644
--- a/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.peerings.html
+++ b/docs/dyn/managedidentities_v1alpha1.projects.locations.global_.peerings.html
@@ -231,7 +231,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -240,19 +240,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -376,19 +376,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -404,19 +404,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.backups.html b/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.backups.html
index 399c5b20805..b01299da2ec 100644
--- a/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.backups.html
+++ b/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.backups.html
@@ -229,7 +229,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -238,19 +238,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -372,19 +372,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -400,19 +400,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.html b/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.html
index 60447888035..e3102f34163 100644
--- a/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.html
+++ b/docs/dyn/managedidentities_v1beta1.projects.locations.global_.domains.html
@@ -427,7 +427,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -436,19 +436,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -766,19 +766,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -794,19 +794,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/managedidentities_v1beta1.projects.locations.global_.peerings.html b/docs/dyn/managedidentities_v1beta1.projects.locations.global_.peerings.html
index f93f7cc106d..3d8dc1e9c75 100644
--- a/docs/dyn/managedidentities_v1beta1.projects.locations.global_.peerings.html
+++ b/docs/dyn/managedidentities_v1beta1.projects.locations.global_.peerings.html
@@ -231,7 +231,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -240,19 +240,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -376,19 +376,19 @@ 
Method Details

     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-      { # Associates `members` with a `role`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+    "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+      { # Associates `members`, or principals, with a `role`.
+        "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
           "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
           "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+        "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
           "A String",
         ],
-        "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
     "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -404,19 +404,19 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
-  "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
-    { # Associates `members` with a `role`.
-      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+  "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+    { # Associates `members`, or principals, with a `role`.
+      "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
         "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
         "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
       },
-      "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+      "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
         "A String",
       ],
-      "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+      "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
     },
   ],
   "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/metastore_v1alpha.projects.locations.services.backups.html b/docs/dyn/metastore_v1alpha.projects.locations.services.backups.html
index 4921ac38310..481a3c5c376 100644
--- a/docs/dyn/metastore_v1alpha.projects.locations.services.backups.html
+++ b/docs/dyn/metastore_v1alpha.projects.locations.services.backups.html
@@ -187,6 +187,14 @@ 
Method Details

     },
     "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
     "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+    "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+      "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+        { # Contains information of the customer's network configurations.
+          "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+          "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+        },
+      ],
+    },
     "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
     "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
     "state": "A String", # Output only. The current state of the metastore service.
@@ -350,6 +358,14 @@ 
Method Details

     },
     "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
     "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+    "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+      "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+        { # Contains information of the customer's network configurations.
+          "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+          "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+        },
+      ],
+    },
     "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
     "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
     "state": "A String", # Output only. The current state of the metastore service.
@@ -368,7 +384,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -501,6 +517,14 @@ 
Method Details

         },
         "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
         "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+        "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+          "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+            { # Contains information of the customer's network configurations.
+              "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+              "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+            },
+          ],
+        },
         "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
         "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
         "state": "A String", # Output only. The current state of the metastore service.
diff --git a/docs/dyn/metastore_v1alpha.projects.locations.services.databases.html b/docs/dyn/metastore_v1alpha.projects.locations.services.databases.html
index 93a7ab87965..69ef50dc8fb 100644
--- a/docs/dyn/metastore_v1alpha.projects.locations.services.databases.html
+++ b/docs/dyn/metastore_v1alpha.projects.locations.services.databases.html
@@ -103,7 +103,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/metastore_v1alpha.projects.locations.services.databases.tables.html b/docs/dyn/metastore_v1alpha.projects.locations.services.databases.tables.html
index 5238a7074a4..e6f2d838818 100644
--- a/docs/dyn/metastore_v1alpha.projects.locations.services.databases.tables.html
+++ b/docs/dyn/metastore_v1alpha.projects.locations.services.databases.tables.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/metastore_v1alpha.projects.locations.services.html b/docs/dyn/metastore_v1alpha.projects.locations.services.html
index 85bb0d64a49..8b4bf09afed 100644
--- a/docs/dyn/metastore_v1alpha.projects.locations.services.html
+++ b/docs/dyn/metastore_v1alpha.projects.locations.services.html
@@ -203,6 +203,14 @@ 
Method Details

   },
   "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
   "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+  "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+    "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+      { # Contains information of the customer's network configurations.
+        "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+        "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+      },
+    ],
+  },
   "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
   "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
   "state": "A String", # Output only. The current state of the metastore service.
@@ -400,6 +408,14 @@ 
Method Details

   },
   "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
   "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+  "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+    "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+      { # Contains information of the customer's network configurations.
+        "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+        "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+      },
+    ],
+  },
   "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
   "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
   "state": "A String", # Output only. The current state of the metastore service.
@@ -416,7 +432,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -542,6 +558,14 @@ 
Method Details

       },
       "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
       "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+      "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+        "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+          { # Contains information of the customer's network configurations.
+            "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+            "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+          },
+        ],
+      },
       "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
       "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
       "state": "A String", # Output only. The current state of the metastore service.
@@ -643,6 +667,14 @@ 
Method Details

   },
   "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
   "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+  "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+    "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+      { # Contains information of the customer's network configurations.
+        "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+        "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+      },
+    ],
+  },
   "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
   "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
   "state": "A String", # Output only. The current state of the metastore service.
diff --git a/docs/dyn/metastore_v1beta.projects.locations.services.backups.html b/docs/dyn/metastore_v1beta.projects.locations.services.backups.html
index 46ec0e87842..e288d29168f 100644
--- a/docs/dyn/metastore_v1beta.projects.locations.services.backups.html
+++ b/docs/dyn/metastore_v1beta.projects.locations.services.backups.html
@@ -187,6 +187,14 @@ 
Method Details

     },
     "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
     "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+    "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+      "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+        { # Contains information of the customer's network configurations.
+          "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+          "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+        },
+      ],
+    },
     "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
     "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
     "state": "A String", # Output only. The current state of the metastore service.
@@ -350,6 +358,14 @@ 
Method Details

     },
     "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
     "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+    "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+      "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+        { # Contains information of the customer's network configurations.
+          "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+          "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+        },
+      ],
+    },
     "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
     "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
     "state": "A String", # Output only. The current state of the metastore service.
@@ -368,7 +384,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -501,6 +517,14 @@ 
Method Details

         },
         "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
         "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+        "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+          "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+            { # Contains information of the customer's network configurations.
+              "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+              "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+            },
+          ],
+        },
         "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
         "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
         "state": "A String", # Output only. The current state of the metastore service.
diff --git a/docs/dyn/metastore_v1beta.projects.locations.services.html b/docs/dyn/metastore_v1beta.projects.locations.services.html
index 9d46abbc2ef..4113fc1d858 100644
--- a/docs/dyn/metastore_v1beta.projects.locations.services.html
+++ b/docs/dyn/metastore_v1beta.projects.locations.services.html
@@ -198,6 +198,14 @@ 
Method Details

   },
   "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
   "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+  "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+    "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+      { # Contains information of the customer's network configurations.
+        "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+        "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+      },
+    ],
+  },
   "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
   "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
   "state": "A String", # Output only. The current state of the metastore service.
@@ -395,6 +403,14 @@ 
Method Details

   },
   "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
   "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+  "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+    "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+      { # Contains information of the customer's network configurations.
+        "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+        "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+      },
+    ],
+  },
   "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
   "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
   "state": "A String", # Output only. The current state of the metastore service.
@@ -411,7 +427,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -537,6 +553,14 @@ 
Method Details

       },
       "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
       "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+      "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+        "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+          { # Contains information of the customer's network configurations.
+            "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+            "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+          },
+        ],
+      },
       "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
       "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
       "state": "A String", # Output only. The current state of the metastore service.
@@ -638,6 +662,14 @@ 
Method Details

   },
   "name": "A String", # Immutable. The relative resource name of the metastore service, of the form:projects/{project_number}/locations/{location_id}/services/{service_id}.
   "network": "A String", # Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.
+  "networkConfig": { # Network configuration for the Dataproc Metastore service. # Immutable. The configuration specifying the network settings for the Dataproc Metastore service.
+    "consumers": [ # Immutable. The consumer-side network configuration for the Dataproc Metastore instance.
+      { # Contains information of the customer's network configurations.
+        "endpointUri": "A String", # Output only. The URI of the endpoint used to access the metastore service.
+        "subnetwork": "A String", # The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}
+      },
+    ],
+  },
   "port": 42, # The TCP port at which the metastore service is reached. Default: 9083.
   "releaseChannel": "A String", # Immutable. The release channel of the service. If unspecified, defaults to STABLE.
   "state": "A String", # Output only. The current state of the metastore service.
diff --git a/docs/dyn/monitoring_v1.projects.dashboards.html b/docs/dyn/monitoring_v1.projects.dashboards.html
index 0ec4a833fcf..eae8ef1b153 100644
--- a/docs/dyn/monitoring_v1.projects.dashboards.html
+++ b/docs/dyn/monitoring_v1.projects.dashboards.html
@@ -122,6 +122,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -429,6 +435,12 @@ 
Method Details

         },
         "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
         },
+        "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+          "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+          "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+            "A String",
+          ],
+        },
         "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
           "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
             "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -737,6 +749,12 @@ 
Method Details

           },
           "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
           },
+          "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+            "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+            "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+              "A String",
+            ],
+          },
           "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
             "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
               "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -1047,6 +1065,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -1366,6 +1390,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -1673,6 +1703,12 @@ 
Method Details

         },
         "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
         },
+        "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+          "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+          "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+            "A String",
+          ],
+        },
         "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
           "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
             "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -1981,6 +2017,12 @@ 
Method Details

           },
           "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
           },
+          "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+            "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+            "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+              "A String",
+            ],
+          },
           "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
             "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
               "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -2291,6 +2333,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -2634,6 +2682,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -2941,6 +2995,12 @@ 
Method Details

         },
         "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
         },
+        "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+          "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+          "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+            "A String",
+          ],
+        },
         "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
           "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
             "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -3249,6 +3309,12 @@ 
Method Details

           },
           "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
           },
+          "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+            "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+            "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+              "A String",
+            ],
+          },
           "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
             "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
               "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -3559,6 +3625,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -3888,6 +3960,12 @@ 
Method Details

                 },
                 "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
                 },
+                "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+                  "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+                  "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                    "A String",
+                  ],
+                },
                 "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
                   "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                     "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -4195,6 +4273,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -4503,6 +4587,12 @@ 
Method Details

               },
               "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
               },
+              "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+                "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+                "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                  "A String",
+                ],
+              },
               "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
                 "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                   "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -4813,6 +4903,12 @@ 
Method Details

                 },
                 "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
                 },
+                "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+                  "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+                  "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                    "A String",
+                  ],
+                },
                 "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
                   "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                     "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -5150,6 +5246,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -5457,6 +5559,12 @@ 
Method Details

         },
         "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
         },
+        "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+          "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+          "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+            "A String",
+          ],
+        },
         "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
           "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
             "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -5765,6 +5873,12 @@ 
Method Details

           },
           "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
           },
+          "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+            "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+            "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+              "A String",
+            ],
+          },
           "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
             "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
               "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -6075,6 +6189,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -6394,6 +6514,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -6701,6 +6827,12 @@ 
Method Details

         },
         "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
         },
+        "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+          "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+          "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+            "A String",
+          ],
+        },
         "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
           "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
             "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -7009,6 +7141,12 @@ 
Method Details

           },
           "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
           },
+          "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+            "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+            "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+              "A String",
+            ],
+          },
           "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
             "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
               "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
@@ -7319,6 +7457,12 @@ 
Method Details

             },
             "blank": { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for Empty is empty JSON object {}. # A blank space.
             },
+            "logsPanel": { # A widget that displays a stream of log. # A widget that shows a stream of logs.
+              "filter": "A String", # A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.
+              "resourceNames": [ # The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.
+                "A String",
+              ],
+            },
             "scorecard": { # A widget showing the latest value of a metric, and how this value relates to one or more thresholds. # A scorecard summarizing time series data.
               "gaugeView": { # A gauge chart shows where the current value sits within a pre-defined range. The upper and lower bounds should define the possible range of values for the scorecard's query (inclusive). # Will cause the scorecard to show a gauge chart.
                 "lowerBound": 3.14, # The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.
diff --git a/docs/dyn/mybusinessbusinessinformation_v1.accounts.locations.html b/docs/dyn/mybusinessbusinessinformation_v1.accounts.locations.html
index d4dbc1b49be..eae9d325a21 100644
--- a/docs/dyn/mybusinessbusinessinformation_v1.accounts.locations.html
+++ b/docs/dyn/mybusinessbusinessinformation_v1.accounts.locations.html
@@ -153,6 +153,7 @@ 
Method Details

   },
   "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
     "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+    "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
     "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
     "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
     "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
@@ -386,6 +387,7 @@ 
Method Details

   },
   "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
     "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+    "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
     "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
     "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
     "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
@@ -631,6 +633,7 @@ 
Method Details

       },
       "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
         "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+        "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
         "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
         "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
         "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
diff --git a/docs/dyn/mybusinessbusinessinformation_v1.googleLocations.html b/docs/dyn/mybusinessbusinessinformation_v1.googleLocations.html
index f1dc6fc3c03..b060302d5f5 100644
--- a/docs/dyn/mybusinessbusinessinformation_v1.googleLocations.html
+++ b/docs/dyn/mybusinessbusinessinformation_v1.googleLocations.html
@@ -147,6 +147,7 @@ 
Method Details

     },
     "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
       "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+      "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
       "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
       "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
       "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
@@ -384,6 +385,7 @@ 
Method Details

         },
         "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
           "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+          "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
           "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
           "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
           "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
diff --git a/docs/dyn/mybusinessbusinessinformation_v1.locations.html b/docs/dyn/mybusinessbusinessinformation_v1.locations.html
index 70293cc94fa..fe41ffda718 100644
--- a/docs/dyn/mybusinessbusinessinformation_v1.locations.html
+++ b/docs/dyn/mybusinessbusinessinformation_v1.locations.html
@@ -246,6 +246,7 @@ 
Method Details

   },
   "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
     "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+    "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
     "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
     "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
     "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
@@ -528,6 +529,7 @@ 
Method Details

     },
     "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
       "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+      "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
       "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
       "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
       "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
@@ -763,6 +765,7 @@ 
Method Details

   },
   "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
     "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+    "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
     "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
     "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
     "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
@@ -996,6 +999,7 @@ 
Method Details

   },
   "metadata": { # Additional non-user-editable information about the location. # Output only. Additional non-user-editable information.
     "canDelete": True or False, # Output only. Indicates whether the location can be deleted using the API.
+    "canHaveBusinessCalls": True or False, # Output only. Indicates if the listing is eligible for business calls.
     "canHaveFoodMenus": True or False, # Output only. Indicates if the listing is eligible for food menu.
     "canModifyServiceList": True or False, # Output only. Indicates if the listing can modify the service list.
     "canOperateHealthData": True or False, # Output only. Indicates whether the location can operate on Health data.
diff --git a/docs/dyn/networkmanagement_v1.projects.locations.global_.connectivityTests.html b/docs/dyn/networkmanagement_v1.projects.locations.global_.connectivityTests.html
index ba8c6d8a95c..519fafb7d40 100644
--- a/docs/dyn/networkmanagement_v1.projects.locations.global_.connectivityTests.html
+++ b/docs/dyn/networkmanagement_v1.projects.locations.global_.connectivityTests.html
@@ -610,7 +610,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html b/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html
index 89837aa1246..636e2bfabf3 100644
--- a/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html
+++ b/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html
@@ -694,7 +694,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/networkservices_v1.projects.locations.edgeCacheKeysets.html b/docs/dyn/networkservices_v1.projects.locations.edgeCacheKeysets.html
index f3448d9a03f..c6673d3dca3 100644
--- a/docs/dyn/networkservices_v1.projects.locations.edgeCacheKeysets.html
+++ b/docs/dyn/networkservices_v1.projects.locations.edgeCacheKeysets.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/networkservices_v1.projects.locations.edgeCacheOrigins.html b/docs/dyn/networkservices_v1.projects.locations.edgeCacheOrigins.html
index 674d0b08997..b6e025ef0f9 100644
--- a/docs/dyn/networkservices_v1.projects.locations.edgeCacheOrigins.html
+++ b/docs/dyn/networkservices_v1.projects.locations.edgeCacheOrigins.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/networkservices_v1.projects.locations.edgeCacheServices.html b/docs/dyn/networkservices_v1.projects.locations.edgeCacheServices.html
index 586b77136cd..2750ed64893 100644
--- a/docs/dyn/networkservices_v1.projects.locations.edgeCacheServices.html
+++ b/docs/dyn/networkservices_v1.projects.locations.edgeCacheServices.html
@@ -98,7 +98,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/networkservices_v1.projects.locations.endpointPolicies.html b/docs/dyn/networkservices_v1.projects.locations.endpointPolicies.html
index bf53a760578..20f3fbb803a 100644
--- a/docs/dyn/networkservices_v1.projects.locations.endpointPolicies.html
+++ b/docs/dyn/networkservices_v1.projects.locations.endpointPolicies.html
@@ -120,7 +120,7 @@ 
Method Details

     The object takes the form of:
 
 { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
   "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
   "createTime": "A String", # Output only. The timestamp when the resource was created.
   "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
@@ -229,7 +229,7 @@ 
Method Details

   An object of the form:
 
     { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
   "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
   "createTime": "A String", # Output only. The timestamp when the resource was created.
   "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
@@ -265,7 +265,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -326,7 +326,7 @@ 
Method Details

     { # Response returned by the ListEndpointPolicies method.
   "endpointPolicies": [ # List of EndpointPolicy resources.
     { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-      "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+      "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
       "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
       "createTime": "A String", # Output only. The timestamp when the resource was created.
       "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
@@ -383,7 +383,7 @@ 
Method Details

     The object takes the form of:
 
 { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
   "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
   "createTime": "A String", # Output only. The timestamp when the resource was created.
   "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
diff --git a/docs/dyn/networkservices_v1beta1.projects.locations.endpointPolicies.html b/docs/dyn/networkservices_v1beta1.projects.locations.endpointPolicies.html
index a411d8dd62d..d38129419a2 100644
--- a/docs/dyn/networkservices_v1beta1.projects.locations.endpointPolicies.html
+++ b/docs/dyn/networkservices_v1beta1.projects.locations.endpointPolicies.html
@@ -120,7 +120,7 @@ 
Method Details

     The object takes the form of:
 
 { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
   "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
   "createTime": "A String", # Output only. The timestamp when the resource was created.
   "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
@@ -229,7 +229,7 @@ 
Method Details

   An object of the form:
 
     { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
   "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
   "createTime": "A String", # Output only. The timestamp when the resource was created.
   "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
@@ -265,7 +265,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -326,7 +326,7 @@ 
Method Details

     { # Response returned by the ListEndpointPolicies method.
   "endpointPolicies": [ # List of EndpointPolicy resources.
     { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-      "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+      "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
       "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
       "createTime": "A String", # Output only. The timestamp when the resource was created.
       "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
@@ -383,7 +383,7 @@ 
Method Details

     The object takes the form of:
 
 { # EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080.
-  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.
+  "authorizationPolicy": "A String", # Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.
   "clientTlsPolicy": "A String", # Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.
   "createTime": "A String", # Output only. The timestamp when the resource was created.
   "description": "A String", # Optional. A free-text description of the resource. Max length 1024 characters.
diff --git a/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html b/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html
index e76f98c5751..e072b6a8114 100644
--- a/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html
+++ b/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html
@@ -140,6 +140,7 @@ 
Method Details

       "A String",
     ],
     "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+    "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
     "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
       "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
       "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -186,6 +187,7 @@ 
Method Details

     "A String",
   ],
   "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+  "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
   "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
     "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
     "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -225,6 +227,7 @@ 
Method Details

     "A String",
   ],
   "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+  "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
   "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
     "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
     "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -277,6 +280,7 @@ 
Method Details

       "A String",
     ],
     "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+    "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
     "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
       "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
       "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -358,6 +362,7 @@ 
Method Details

     "A String",
   ],
   "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+  "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
   "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
     "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
     "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -398,6 +403,7 @@ 
Method Details

     "A String",
   ],
   "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+  "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
   "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
     "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
     "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -437,6 +443,7 @@ 
Method Details

     "A String",
   ],
   "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+  "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
   "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
     "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
     "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
@@ -489,6 +496,7 @@ 
Method Details

       "A String",
     ],
     "redirectUri": "A String", # Output only. The place where partners should redirect the end-user to after creation. This field might also be populated when creation failed. However, Partners should always prepare a default URL to redirect the user in case this field is empty.
+    "renewalTime": "A String", # Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: "2019-08-31T17:28:54.564Z"
     "serviceLocation": { # Describes a location of an end user. # Required. The location that the service is provided as indicated by the partner.
       "postalCode": "A String", # The postal code this location refers to. Ex. "94043"
       "regionCode": "A String", # 2-letter ISO region code for current content region. Ex. “US” Please refers to: https://en.wikipedia.org/wiki/ISO_3166-1
diff --git a/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html b/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html
index 6e5d53714ce..20eb88efac6 100644
--- a/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html
+++ b/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html
@@ -146,7 +146,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/privateca_v1.projects.locations.caPools.html b/docs/dyn/privateca_v1.projects.locations.caPools.html
index 35a4c1708e3..f174b699b28 100644
--- a/docs/dyn/privateca_v1.projects.locations.caPools.html
+++ b/docs/dyn/privateca_v1.projects.locations.caPools.html
@@ -466,7 +466,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html b/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html
index 39ba33db59e..86efd5001b5 100644
--- a/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html
+++ b/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html
@@ -381,7 +381,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html
index ea2531eebb4..60428e67d0a 100644
--- a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html
+++ b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html
@@ -145,7 +145,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html
index 8bd5a0ef63d..34abc695485 100644
--- a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html
+++ b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html
@@ -1180,7 +1180,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html b/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html
index 5b390e18024..7bff369b7a4 100644
--- a/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html
+++ b/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html
@@ -187,7 +187,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/recaptchaenterprise_v1.projects.assessments.html b/docs/dyn/recaptchaenterprise_v1.projects.assessments.html
index 94c1e343c3b..20e68244481 100644
--- a/docs/dyn/recaptchaenterprise_v1.projects.assessments.html
+++ b/docs/dyn/recaptchaenterprise_v1.projects.assessments.html
@@ -95,6 +95,7 @@ 
Method Details

 
 { # The request message to annotate an Assessment.
   "annotation": "A String", # Optional. The annotation that will be assigned to the Event. This field can be left empty to provide reasons that apply to an event without concluding whether the event is legitimate or fraudulent.
+  "hashedAccountId": "A String", # Optional. Optional unique stable hashed user identifier to apply to the assessment. This is an alternative to setting the hashed_account_id in CreateAssessment, for example when the account identifier is not yet known in the initial request. It is recommended that the identifier is hashed using hmac-sha256 with stable secret.
   "reasons": [ # Optional. Optional reasons for the annotation that will be assigned to the Event.
     "A String",
   ],
@@ -127,6 +128,11 @@ 
Method Details

     The object takes the form of:
 
 { # A recaptcha assessment resource.
+  "accountDefenderAssessment": { # Account Defender risk assessment. # Assessment returned by Account Defender when a hashed_account_id is provided.
+    "labels": [ # Labels for this request.
+      "A String",
+    ],
+  },
   "event": { # The event being assessed.
     "expectedAction": "A String", # Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
     "siteKey": "A String", # Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token.
@@ -159,6 +165,11 @@ 
Method Details

   An object of the form:
 
     { # A recaptcha assessment resource.
+  "accountDefenderAssessment": { # Account Defender risk assessment. # Assessment returned by Account Defender when a hashed_account_id is provided.
+    "labels": [ # Labels for this request.
+      "A String",
+    ],
+  },
   "event": { # The event being assessed.
     "expectedAction": "A String", # Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.
     "siteKey": "A String", # Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token.
diff --git a/docs/dyn/recaptchaenterprise_v1.projects.html b/docs/dyn/recaptchaenterprise_v1.projects.html
index f5f91124814..fb4bb0051bd 100644
--- a/docs/dyn/recaptchaenterprise_v1.projects.html
+++ b/docs/dyn/recaptchaenterprise_v1.projects.html
@@ -84,6 +84,16 @@ 
Instance Methods

 

 
Returns the keys Resource.

 
+

+  relatedaccountgroupmemberships()
+

+
Returns the relatedaccountgroupmemberships Resource.

+
+

+  relatedaccountgroups()
+

+
Returns the relatedaccountgroups Resource.

+
 

   close()

 
Close httplib2 connections.

diff --git a/docs/dyn/recommender_v1beta1.organizations.locations.insightTypes.html b/docs/dyn/recommender_v1beta1.organizations.locations.insightTypes.html
index bde1e8f2425..f7203884c42 100644
--- a/docs/dyn/recommender_v1beta1.organizations.locations.insightTypes.html
+++ b/docs/dyn/recommender_v1beta1.organizations.locations.insightTypes.html
@@ -82,10 +82,99 @@ 
Instance Methods

 

   close()

 
Close httplib2 connections.

+

+  config(name, body, updateMask=None, validateOnly=None, x__xgafv=None)

+
Updates an InsightTypeConfig change. This will create a new revision of the config.

+

+  getConfig(name, x__xgafv=None)

+
Gets the requested InsightTypeConfig. There is only one instance of the config for each InsightType.

 
Method Details

 

     close()
   
Close httplib2 connections.

 

 
+

+    config(name, body, updateMask=None, validateOnly=None, x__xgafv=None)
+  
Updates an InsightTypeConfig change. This will create a new revision of the config.
+
+Args:
+  name: string, Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Configuration for an InsightType.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.
+  "insightTypeGenerationConfig": { # A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight. # InsightTypeGenerationConfig which configures the generation of insights for this insight type.
+    "params": { # Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "name": "A String", # Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}
+
+  updateMask: string, The list of fields to be updated.
+  validateOnly: boolean, If true, validate the request and preview the change, but do not actually update it.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for an InsightType.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.
+  "insightTypeGenerationConfig": { # A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight. # InsightTypeGenerationConfig which configures the generation of insights for this insight type.
+    "params": { # Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "name": "A String", # Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
+

+    getConfig(name, x__xgafv=None)
+  
Gets the requested InsightTypeConfig. There is only one instance of the config for each InsightType.
+
+Args:
+  name: string, Required. Name of the InsightTypeConfig to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for an InsightType.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.
+  "insightTypeGenerationConfig": { # A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight. # InsightTypeGenerationConfig which configures the generation of insights for this insight type.
+    "params": { # Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "name": "A String", # Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
 
\ No newline at end of file
diff --git a/docs/dyn/recommender_v1beta1.organizations.locations.recommenders.html b/docs/dyn/recommender_v1beta1.organizations.locations.recommenders.html
index 17455fda779..fb245eb91b6 100644
--- a/docs/dyn/recommender_v1beta1.organizations.locations.recommenders.html
+++ b/docs/dyn/recommender_v1beta1.organizations.locations.recommenders.html
@@ -82,10 +82,99 @@ 
Instance Methods

 

   close()

 
Close httplib2 connections.

+

+  config(name, body, updateMask=None, validateOnly=None, x__xgafv=None)

+
Updates a Recommender Config. This will create a new revision of the config.

+

+  getConfig(name, x__xgafv=None)

+
Gets the requested Recommender Config. There is only one instance of the config for each Recommender.

 
Method Details

 

     close()
   
Close httplib2 connections.

 

 
+

+    config(name, body, updateMask=None, validateOnly=None, x__xgafv=None)
+  
Updates a Recommender Config. This will create a new revision of the config.
+
+Args:
+  name: string, Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Configuration for a Recommender.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.
+  "name": "A String", # Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config
+  "recommenderGenerationConfig": { # A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation. # RecommenderGenerationConfig which configures the Generation of recommendations for this recommender.
+    "params": { # Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}
+
+  updateMask: string, The list of fields to be updated.
+  validateOnly: boolean, If true, validate the request and preview the change, but do not actually update it.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for a Recommender.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.
+  "name": "A String", # Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config
+  "recommenderGenerationConfig": { # A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation. # RecommenderGenerationConfig which configures the Generation of recommendations for this recommender.
+    "params": { # Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
+

+    getConfig(name, x__xgafv=None)
+  
Gets the requested Recommender Config. There is only one instance of the config for each Recommender.
+
+Args:
+  name: string, Required. Name of the Recommendation Config to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[RECOMMENDER_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[RECOMMENDER_ID]/config` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for a Recommender.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.
+  "name": "A String", # Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config
+  "recommenderGenerationConfig": { # A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation. # RecommenderGenerationConfig which configures the Generation of recommendations for this recommender.
+    "params": { # Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
 
\ No newline at end of file
diff --git a/docs/dyn/recommender_v1beta1.projects.locations.insightTypes.html b/docs/dyn/recommender_v1beta1.projects.locations.insightTypes.html
index c78586b8103..1e5d9409921 100644
--- a/docs/dyn/recommender_v1beta1.projects.locations.insightTypes.html
+++ b/docs/dyn/recommender_v1beta1.projects.locations.insightTypes.html
@@ -82,10 +82,99 @@ 
Instance Methods

 

   close()

 
Close httplib2 connections.

+

+  getConfig(name, x__xgafv=None)

+
Gets the requested InsightTypeConfig. There is only one instance of the config for each InsightType.

+

+  updateConfig(name, body, updateMask=None, validateOnly=None, x__xgafv=None)

+
Updates an InsightTypeConfig change. This will create a new revision of the config.

 
Method Details

 

     close()
   
Close httplib2 connections.

 

 
+

+    getConfig(name, x__xgafv=None)
+  
Gets the requested InsightTypeConfig. There is only one instance of the config for each InsightType.
+
+Args:
+  name: string, Required. Name of the InsightTypeConfig to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for an InsightType.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.
+  "insightTypeGenerationConfig": { # A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight. # InsightTypeGenerationConfig which configures the generation of insights for this insight type.
+    "params": { # Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "name": "A String", # Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
+

+    updateConfig(name, body, updateMask=None, validateOnly=None, x__xgafv=None)
+  
Updates an InsightTypeConfig change. This will create a new revision of the config.
+
+Args:
+  name: string, Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Configuration for an InsightType.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.
+  "insightTypeGenerationConfig": { # A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight. # InsightTypeGenerationConfig which configures the generation of insights for this insight type.
+    "params": { # Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "name": "A String", # Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}
+
+  updateMask: string, The list of fields to be updated.
+  validateOnly: boolean, If true, validate the request and preview the change, but do not actually update it.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for an InsightType.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.
+  "insightTypeGenerationConfig": { # A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight. # InsightTypeGenerationConfig which configures the generation of insights for this insight type.
+    "params": { # Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "name": "A String", # Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
 
\ No newline at end of file
diff --git a/docs/dyn/recommender_v1beta1.projects.locations.recommenders.html b/docs/dyn/recommender_v1beta1.projects.locations.recommenders.html
index ab646d23b1d..f5752c87f1b 100644
--- a/docs/dyn/recommender_v1beta1.projects.locations.recommenders.html
+++ b/docs/dyn/recommender_v1beta1.projects.locations.recommenders.html
@@ -82,10 +82,99 @@ 
Instance Methods

 

   close()

 
Close httplib2 connections.

+

+  getConfig(name, x__xgafv=None)

+
Gets the requested Recommender Config. There is only one instance of the config for each Recommender.

+

+  updateConfig(name, body, updateMask=None, validateOnly=None, x__xgafv=None)

+
Updates a Recommender Config. This will create a new revision of the config.

 
Method Details

 

     close()
   
Close httplib2 connections.

 

 
+

+    getConfig(name, x__xgafv=None)
+  
Gets the requested Recommender Config. There is only one instance of the config for each Recommender.
+
+Args:
+  name: string, Required. Name of the Recommendation Config to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[RECOMMENDER_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[RECOMMENDER_ID]/config` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for a Recommender.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.
+  "name": "A String", # Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config
+  "recommenderGenerationConfig": { # A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation. # RecommenderGenerationConfig which configures the Generation of recommendations for this recommender.
+    "params": { # Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
+

+    updateConfig(name, body, updateMask=None, validateOnly=None, x__xgafv=None)
+  
Updates a Recommender Config. This will create a new revision of the config.
+
+Args:
+  name: string, Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Configuration for a Recommender.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.
+  "name": "A String", # Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config
+  "recommenderGenerationConfig": { # A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation. # RecommenderGenerationConfig which configures the Generation of recommendations for this recommender.
+    "params": { # Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}
+
+  updateMask: string, The list of fields to be updated.
+  validateOnly: boolean, If true, validate the request and preview the change, but do not actually update it.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Configuration for a Recommender.
+  "annotations": { # Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.
+    "a_key": "A String",
+  },
+  "displayName": "A String", # A user-settable field to provide a human-readable name to be used in user interfaces.
+  "etag": "A String", # Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.
+  "name": "A String", # Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config
+  "recommenderGenerationConfig": { # A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation. # RecommenderGenerationConfig which configures the Generation of recommendations for this recommender.
+    "params": { # Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.
+      "a_key": "", # Properties of the object.
+    },
+  },
+  "revisionId": "A String", # Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.
+  "updateTime": "A String", # Last time when the config was updated.
+}

+

+
 
\ No newline at end of file
diff --git a/docs/dyn/redis_v1.projects.locations.instances.html b/docs/dyn/redis_v1.projects.locations.instances.html
index 1ba6aeec651..99ddef2ad10 100644
--- a/docs/dyn/redis_v1.projects.locations.instances.html
+++ b/docs/dyn/redis_v1.projects.locations.instances.html
@@ -128,7 +128,7 @@ 
Method Details

   body: object, The request body.
     The object takes the form of:
 
-{ # A Google Cloud Redis instance. next id = 38
+{ # A Google Cloud Redis instance.
   "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
   "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
   "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -182,12 +182,12 @@ 
Method Details

   "port": 42, # Output only. The port number of the exposed Redis endpoint.
   "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
   "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-  "readReplicasMode": "A String", # Optional. Read replica mode.
+  "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
   "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
     "a_key": "A String",
   },
   "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-  "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+  "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
   "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
   "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
     { # TlsCertificate Resource
@@ -371,7 +371,7 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # A Google Cloud Redis instance. next id = 38
+    { # A Google Cloud Redis instance.
   "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
   "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
   "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -425,12 +425,12 @@ 
Method Details

   "port": 42, # Output only. The port number of the exposed Redis endpoint.
   "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
   "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-  "readReplicasMode": "A String", # Optional. Read replica mode.
+  "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
   "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
     "a_key": "A String",
   },
   "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-  "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+  "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
   "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
   "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
     { # TlsCertificate Resource
@@ -531,7 +531,7 @@ 
Method Details

 
     { # Response for ListInstances.
   "instances": [ # A list of Redis instances in the project in the specified location, or across all locations. If the `location_id` in the parent field of the request is "-", all regions available to the project are queried, and the results aggregated. If in such an aggregated query a location is unavailable, a placeholder Redis entry is included in the response with the `name` field set to a value of the form `projects/{project_id}/locations/{location_id}/instances/`- and the `status` field set to ERROR and `status_message` field set to "location not available for ListInstances".
-    { # A Google Cloud Redis instance. next id = 38
+    { # A Google Cloud Redis instance.
       "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
       "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
       "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -585,12 +585,12 @@ 
Method Details

       "port": 42, # Output only. The port number of the exposed Redis endpoint.
       "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
       "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-      "readReplicasMode": "A String", # Optional. Read replica mode.
+      "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
       "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
         "a_key": "A String",
       },
       "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-      "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+      "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
       "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
       "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
         { # TlsCertificate Resource
@@ -637,7 +637,7 @@ 
Method Details

   body: object, The request body.
     The object takes the form of:
 
-{ # A Google Cloud Redis instance. next id = 38
+{ # A Google Cloud Redis instance.
   "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
   "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
   "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -691,12 +691,12 @@ 
Method Details

   "port": 42, # Output only. The port number of the exposed Redis endpoint.
   "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
   "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-  "readReplicasMode": "A String", # Optional. Read replica mode.
+  "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
   "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
     "a_key": "A String",
   },
   "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-  "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+  "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
   "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
   "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
     { # TlsCertificate Resource
diff --git a/docs/dyn/redis_v1beta1.projects.locations.instances.html b/docs/dyn/redis_v1beta1.projects.locations.instances.html
index 430c61369de..86754266ad3 100644
--- a/docs/dyn/redis_v1beta1.projects.locations.instances.html
+++ b/docs/dyn/redis_v1beta1.projects.locations.instances.html
@@ -128,7 +128,7 @@ 
Method Details

   body: object, The request body.
     The object takes the form of:
 
-{ # A Google Cloud Redis instance. next id = 38
+{ # A Google Cloud Redis instance.
   "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
   "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
   "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -182,12 +182,12 @@ 
Method Details

   "port": 42, # Output only. The port number of the exposed Redis endpoint.
   "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
   "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-  "readReplicasMode": "A String", # Optional. Read replica mode.
+  "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
   "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
     "a_key": "A String",
   },
   "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-  "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+  "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
   "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
   "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
     { # TlsCertificate Resource
@@ -371,7 +371,7 @@ 
Method Details

 Returns:
   An object of the form:
 
-    { # A Google Cloud Redis instance. next id = 38
+    { # A Google Cloud Redis instance.
   "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
   "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
   "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -425,12 +425,12 @@ 
Method Details

   "port": 42, # Output only. The port number of the exposed Redis endpoint.
   "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
   "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-  "readReplicasMode": "A String", # Optional. Read replica mode.
+  "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
   "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
     "a_key": "A String",
   },
   "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-  "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+  "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
   "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
   "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
     { # TlsCertificate Resource
@@ -531,7 +531,7 @@ 
Method Details

 
     { # Response for ListInstances.
   "instances": [ # A list of Redis instances in the project in the specified location, or across all locations. If the `location_id` in the parent field of the request is "-", all regions available to the project are queried, and the results aggregated. If in such an aggregated query a location is unavailable, a placeholder Redis entry is included in the response with the `name` field set to a value of the form `projects/{project_id}/locations/{location_id}/instances/`- and the `status` field set to ERROR and `status_message` field set to "location not available for ListInstances".
-    { # A Google Cloud Redis instance. next id = 38
+    { # A Google Cloud Redis instance.
       "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
       "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
       "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -585,12 +585,12 @@ 
Method Details

       "port": 42, # Output only. The port number of the exposed Redis endpoint.
       "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
       "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-      "readReplicasMode": "A String", # Optional. Read replica mode.
+      "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
       "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
         "a_key": "A String",
       },
       "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-      "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+      "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
       "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
       "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
         { # TlsCertificate Resource
@@ -637,7 +637,7 @@ 
Method Details

   body: object, The request body.
     The object takes the form of:
 
-{ # A Google Cloud Redis instance. next id = 38
+{ # A Google Cloud Redis instance.
   "alternativeLocationId": "A String", # Optional. If specified, at least one node will be provisioned in this zone in addition to the zone specified in location_id. Only applicable to standard tier. If provided, it must be a different zone from the one provided in [location_id]. Additional nodes beyond the first 2 will be placed in zones selected by the service.
   "authEnabled": True or False, # Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled.
   "authorizedNetwork": "A String", # Optional. The full name of the Google Compute Engine [network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. If left unspecified, the `default` network will be used.
@@ -691,12 +691,12 @@ 
Method Details

   "port": 42, # Output only. The port number of the exposed Redis endpoint.
   "readEndpoint": "A String", # Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes will exhibit some lag behind the primary. Write requests must target 'host'.
   "readEndpointPort": 42, # Output only. The port number of the exposed readonly redis endpoint. Standard tier only. Write requests should target 'port'.
-  "readReplicasMode": "A String", # Optional. Read replica mode.
+  "readReplicasMode": "A String", # Optional. Read replica mode. Can only be specified when trying to create the instance.
   "redisConfigs": { # Optional. Redis configuration parameters, according to http://redis.io/topics/config. Currently, the only supported parameters are: Redis version 3.2 and newer: * maxmemory-policy * notify-keyspace-events Redis version 4.0 and newer: * activedefrag * lfu-decay-time * lfu-log-factor * maxmemory-gb Redis version 5.0 and newer: * stream-node-max-bytes * stream-node-max-entries
     "a_key": "A String",
   },
   "redisVersion": "A String", # Optional. The version of Redis software. If not provided, latest supported version will be used. Currently, the supported values are: * `REDIS_3_2` for Redis 3.2 compatibility * `REDIS_4_0` for Redis 4.0 compatibility (default) * `REDIS_5_0` for Redis 5.0 compatibility * `REDIS_6_X` for Redis 6.x compatibility
-  "replicaCount": 42, # Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.
+  "replicaCount": 42, # Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.
   "reservedIpRange": "A String", # Optional. For DIRECT_PEERING mode, the CIDR range of internal addresses that are reserved for this instance. Range must be unique and non-overlapping with existing subnets in an authorized network. For PRIVATE_SERVICE_ACCESS mode, the name of one allocated IP address ranges associated with this private service access connection. If not provided, the service will choose an unused /29 block, for example, 10.0.0.0/29 or 192.168.0.0/29. For READ_REPLICAS_ENABLED the default block size is /28.
   "serverCaCerts": [ # Output only. List of server CA certificates for the instance.
     { # TlsCertificate Resource
diff --git a/docs/dyn/retail_v2.projects.locations.catalogs.html b/docs/dyn/retail_v2.projects.locations.catalogs.html
index 2de38136082..6b4430a2670 100644
--- a/docs/dyn/retail_v2.projects.locations.catalogs.html
+++ b/docs/dyn/retail_v2.projects.locations.catalogs.html
@@ -216,7 +216,7 @@ 
Method Details

       "displayName": "A String", # Required. Immutable. The catalog display name. This field must be a UTF-8 encoded string with a length limit of 128 characters. Otherwise, an INVALID_ARGUMENT error is returned.
       "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
       "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-        "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+        "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
         "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
       },
     },
@@ -252,7 +252,7 @@ 
Method Details

   "displayName": "A String", # Required. Immutable. The catalog display name. This field must be a UTF-8 encoded string with a length limit of 128 characters. Otherwise, an INVALID_ARGUMENT error is returned.
   "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
   "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
     "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
   },
 }
@@ -270,7 +270,7 @@ 
Method Details

   "displayName": "A String", # Required. Immutable. The catalog display name. This field must be a UTF-8 encoded string with a length limit of 128 characters. Otherwise, an INVALID_ARGUMENT error is returned.
   "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
   "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
     "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
   },
 }

diff --git a/docs/dyn/retail_v2alpha.projects.locations.catalogs.branches.products.html b/docs/dyn/retail_v2alpha.projects.locations.catalogs.branches.products.html
index 933d750a22a..75b6ca6eab6 100644
--- a/docs/dyn/retail_v2alpha.projects.locations.catalogs.branches.products.html
+++ b/docs/dyn/retail_v2alpha.projects.locations.catalogs.branches.products.html
@@ -173,10 +173,10 @@ 
Method Details

 { # Request message for AddLocalInventories method.
   "addMask": "A String", # Indicates which inventory fields in the provided list of LocalInventory to update. The field is updated to the provided value. If a field is set while the place does not have a previous local inventory, the local inventory at that store is created. If a field is set while the value of that field is not provided, the original field value, if it exists, is deleted. If the mask is not set or set with empty paths, all inventory fields will be updated. If an unsupported or unknown field is provided, an INVALID_ARGUMENT error is returned and the entire update will be ignored.
   "addTime": "A String", # The time when the inventory updates are issued. Used to prevent out-of-order updates on local inventory fields. If not provided, the internal system time will be used.
-  "allowMissing": True or False, # If set to true, and the Product is not found, the local inventory will still be processed and retained for at most 1 day and processed once the Product is created. If set to false, an INVALID_ARGUMENT error is returned if the Product is not found.
+  "allowMissing": True or False, # If set to true, and the Product is not found, the local inventory will still be processed and retained for at most 1 day and processed once the Product is created. If set to false, a NOT_FOUND error is returned if the Product is not found.
   "localInventories": [ # Required. A list of inventory information at difference places. Each place is identified by its place ID. At most 1000 inventories are allowed per request.
     { # The inventory information at a place (e.g. a store) identified by a place ID.
-      "attributes": { # Additional local inventory attributes, for example, store name, promotion tags, etc. * At most 5 values are allowed. Otherwise, an INVALID_ARGUMENT error is returned. * The key must be a UTF-8 encoded string with a length limit of 10 characters. * The key must match the pattern: `a-zA-Z0-9*`. For example, key0LikeThis or KEY_1_LIKE_THIS. * The attribute values must be of the same type (text or number). * The max number of values per attribute is 10. * For text values, the length limit is 10 UTF-8 characters.
+      "attributes": { # Additional local inventory attributes, for example, store name, promotion tags, etc. * At most 5 values are allowed. Otherwise, an INVALID_ARGUMENT error is returned. * The key must be a UTF-8 encoded string with a length limit of 10 characters. * The key must match the pattern: `a-zA-Z0-9*`. For example, key0LikeThis or KEY_1_LIKE_THIS. * The attribute values must be of the same type (text or number). * The max number of values per attribute is 10. * For text values, the length limit is 10 UTF-8 characters. * The attribute does not support search. The `searchable` field should be unset or set to false.
         "a_key": { # A custom attribute that is not explicitly modeled in Product.
           "indexable": True or False, # If true, custom attribute values are indexed, so that it can be filtered, faceted or boosted in SearchService.Search. This field is ignored in a UserEvent. See SearchRequest.filter, SearchRequest.facet_specs and SearchRequest.boost_spec for more details.
           "numbers": [ # The numerical values of this custom attribute. For example, `[2.3, 15.4]` when the key is "lengths_cm". At most 400 values are allowed.Otherwise, an INVALID_ARGUMENT error is returned. Exactly one of text or numbers should be set. Otherwise, an INVALID_ARGUMENT error is returned.
diff --git a/docs/dyn/retail_v2alpha.projects.locations.catalogs.html b/docs/dyn/retail_v2alpha.projects.locations.catalogs.html
index e813729f3c6..452b9e1c055 100644
--- a/docs/dyn/retail_v2alpha.projects.locations.catalogs.html
+++ b/docs/dyn/retail_v2alpha.projects.locations.catalogs.html
@@ -227,7 +227,7 @@ 
Method Details

       },
       "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
       "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-        "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+        "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
         "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
       },
     },
@@ -274,7 +274,7 @@ 
Method Details

   },
   "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
   "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
     "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
   },
 }
@@ -303,7 +303,7 @@ 
Method Details

   },
   "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
   "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
     "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
   },
 }

diff --git a/docs/dyn/retail_v2beta.projects.locations.catalogs.html b/docs/dyn/retail_v2beta.projects.locations.catalogs.html
index 147d713319e..9ee8a7f1657 100644
--- a/docs/dyn/retail_v2beta.projects.locations.catalogs.html
+++ b/docs/dyn/retail_v2beta.projects.locations.catalogs.html
@@ -216,7 +216,7 @@ 
Method Details

       "displayName": "A String", # Required. Immutable. The catalog display name. This field must be a UTF-8 encoded string with a length limit of 128 characters. Otherwise, an INVALID_ARGUMENT error is returned.
       "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
       "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-        "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+        "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
         "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
       },
     },
@@ -252,7 +252,7 @@ 
Method Details

   "displayName": "A String", # Required. Immutable. The catalog display name. This field must be a UTF-8 encoded string with a length limit of 128 characters. Otherwise, an INVALID_ARGUMENT error is returned.
   "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
   "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
     "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
   },
 }
@@ -270,7 +270,7 @@ 
Method Details

   "displayName": "A String", # Required. Immutable. The catalog display name. This field must be a UTF-8 encoded string with a length limit of 128 characters. Otherwise, an INVALID_ARGUMENT error is returned.
   "name": "A String", # Required. Immutable. The fully qualified resource name of the catalog.
   "productLevelConfig": { # Configures what level the product should be uploaded with regards to how users will be send events and how predictions will be made. # Required. The product level configuration.
-    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
+    "ingestionProductType": "A String", # The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
     "merchantCenterProductIdField": "A String", # Which field of [Merchant Center Product](/bigquery-transfer/docs/merchant-center-products-schema) should be imported as Product.id. Acceptable values are: * `offerId` (default): Import `offerId` as the product ID. * `itemGroupId`: Import `itemGroupId` as the product ID. Notice that Retail API will choose one item from the ones with the same `itemGroupId`, and use it to represent the item group. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `itemGroupId` and ingestion_product_type is `variant`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.
   },
 }

diff --git a/docs/dyn/run_v1.projects.locations.services.html b/docs/dyn/run_v1.projects.locations.services.html
index 5551f4e17b4..19c968a867c 100644
--- a/docs/dyn/run_v1.projects.locations.services.html
+++ b/docs/dyn/run_v1.projects.locations.services.html
@@ -1128,7 +1128,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/runtimeconfig_v1beta1.projects.configs.html b/docs/dyn/runtimeconfig_v1beta1.projects.configs.html
index c9a6f3a365d..9f03d4618c2 100644
--- a/docs/dyn/runtimeconfig_v1beta1.projects.configs.html
+++ b/docs/dyn/runtimeconfig_v1beta1.projects.configs.html
@@ -198,7 +198,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/secretmanager_v1.projects.secrets.html b/docs/dyn/secretmanager_v1.projects.secrets.html
index a41e82f8f7b..f3b88f18a7f 100644
--- a/docs/dyn/secretmanager_v1.projects.secrets.html
+++ b/docs/dyn/secretmanager_v1.projects.secrets.html
@@ -337,7 +337,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/secretmanager_v1beta1.projects.secrets.html b/docs/dyn/secretmanager_v1beta1.projects.secrets.html
index 09cf7695c7a..7802bfc106b 100644
--- a/docs/dyn/secretmanager_v1beta1.projects.secrets.html
+++ b/docs/dyn/secretmanager_v1beta1.projects.secrets.html
@@ -264,7 +264,7 @@ 
Method Details

 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
-  options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/securitycenter_v1.folders.findings.html b/docs/dyn/securitycenter_v1.folders.findings.html
new file mode 100644
index 00000000000..2ee57d72fca
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.folders.findings.html
@@ -0,0 +1,132 @@
+
+
+
+
Security Command Center API . folders . findings

+
Instance Methods

+

+  bulkMute(parent, body=None, x__xgafv=None)

+
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.

+

+  close()

+
Close httplib2 connections.

+
Method Details

+

+    bulkMute(parent, body=None, x__xgafv=None)
+  
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.
+
+Args:
+  parent: string, Required. The parent, at which bulk action needs to be applied. Its format is "organizations/[organization_id]", "folders/[folder_id]", "projects/[project_id]". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it.
+  "filter": "A String", # Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.
+  "muteAnnotation": "A String", # This can be a mute configuration name or any identifier for mute/unmute of findings based on the filter.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    close()
+  
Close httplib2 connections.

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.folders.html b/docs/dyn/securitycenter_v1.folders.html
index f65ddfd020d..1589e45ea7f 100644
--- a/docs/dyn/securitycenter_v1.folders.html
+++ b/docs/dyn/securitycenter_v1.folders.html
@@ -79,6 +79,16 @@ 
Instance Methods

 

 
Returns the assets Resource.

 
+

+  findings()
+

+
Returns the findings Resource.

+
+

+  muteConfigs()
+

+
Returns the muteConfigs Resource.

+
 

   sources()
 

diff --git a/docs/dyn/securitycenter_v1.folders.muteConfigs.html b/docs/dyn/securitycenter_v1.folders.muteConfigs.html
new file mode 100644
index 00000000000..5d6e9f7f0c1
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.folders.muteConfigs.html
@@ -0,0 +1,271 @@
+
+
+
+
Security Command Center API . folders . muteConfigs

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  create(parent, body=None, muteConfigId=None, x__xgafv=None)

+
Creates a mute config.

+

+  delete(name, x__xgafv=None)

+
Deletes an existing mute config.

+

+  get(name, x__xgafv=None)

+
Gets a mute config.

+

+  list(parent, pageSize=None, pageToken=None, x__xgafv=None)

+
Lists mute configs.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates a mute config.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    create(parent, body=None, muteConfigId=None, x__xgafv=None)
+  
Creates a mute config.
+
+Args:
+  parent: string, Required. Resource name of the new mute configs's parent. Its format is "organizations/[organization_id]", "folders/[folder_id]", or "projects/[project_id]". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}
+
+  muteConfigId: string, Required. Unique identifier provided by the client within the parent scope. It must consist of lower case letters, numbers, and hyphen, with the first character a letter, the last a letter or a number, and a 63 character maximum.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+

+    delete(name, x__xgafv=None)
+  
Deletes an existing mute config.
+
+Args:
+  name: string, Required. Name of the mute config to delete. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Gets a mute config.
+
+Args:
+  name: string, Required. Name of the mute config to retrieve. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+

+    list(parent, pageSize=None, pageToken=None, x__xgafv=None)
+  
Lists mute configs.
+
+Args:
+  parent: string, Required. The parent, which owns the collection of mute configs. Its format is "organizations/[organization_id]", "folders/[folder_id]", "projects/[project_id]". (required)
+  pageSize: integer, The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+  pageToken: string, A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Response message for listing mute configs.
+  "muteConfigs": [ # The mute configs from the specified parent.
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+      "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+      "description": "A String", # A description of the mute config.
+      "displayName": "A String", # The human readable name to be displayed for the mute config.
+      "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+      "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+      "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+      "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+    },
+  ],
+  "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates a mute config.
+
+Args:
+  name: string, This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}" (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}
+
+  updateMask: string, The list of fields to be updated. If empty all mutable fields will be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.folders.sources.findings.externalSystems.html b/docs/dyn/securitycenter_v1.folders.sources.findings.externalSystems.html
new file mode 100644
index 00000000000..d5cabf8ca0c
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.folders.sources.findings.externalSystems.html
@@ -0,0 +1,128 @@
+
+
+
+
Security Command Center API . folders . sources . findings . externalSystems

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates external system. This is for a given finding.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates external system. This is for a given finding.
+
+Args:
+  name: string, External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Representation of third party SIEM/SOAR fields within SCC.
+  "assignees": [ # References primary/secondary etc assignees in the external system.
+    "A String",
+  ],
+  "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+  "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+  "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+  "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+}
+
+  updateMask: string, The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Representation of third party SIEM/SOAR fields within SCC.
+  "assignees": [ # References primary/secondary etc assignees in the external system.
+    "A String",
+  ],
+  "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+  "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+  "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+  "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.folders.sources.findings.html b/docs/dyn/securitycenter_v1.folders.sources.findings.html
index 4671ba574f1..69d34aaa687 100644
--- a/docs/dyn/securitycenter_v1.folders.sources.findings.html
+++ b/docs/dyn/securitycenter_v1.folders.sources.findings.html
@@ -74,6 +74,11 @@
 
 
Security Command Center API . folders . sources . findings

 
Instance Methods

+

+  externalSystems()
+

+
Returns the externalSystems Resource.

+
 

   close()

 
Close httplib2 connections.

@@ -92,6 +97,9 @@ 
Instance Methods

 

   patch(name, body=None, updateMask=None, x__xgafv=None)

 
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.

+

+  setMute(name, body=None, x__xgafv=None)

+
Updates the mute state of a finding.

 

   setState(name, body=None, x__xgafv=None)

 
Updates the state of a finding.

@@ -188,6 +196,17 @@ 
Method Details

         "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
         "createTime": "A String", # The time at which the finding was created in Security Command Center.
         "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+        "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+          "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+            "assignees": [ # References primary/secondary etc assignees in the external system.
+              "A String",
+            ],
+            "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+            "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+            "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+            "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+          },
+        },
         "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
         "findingClass": "A String", # The class of the finding.
         "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -198,6 +217,9 @@ 
Method Details

             "A String",
           ],
         },
+        "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+        "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+        "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
         "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
         "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
         "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -288,6 +310,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -298,6 +331,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -351,6 +387,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -361,6 +408,99 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
+  "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
+  "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
+  "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
+  "securityMarks": { # User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization. # Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
+    "canonicalName": "A String", # The canonical name of the marks. Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "folders/{folder_id}/assets/{asset_id}/securityMarks" "projects/{project_number}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks" "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks" "projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks"
+    "marks": { # Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
+      "a_key": "A String",
+    },
+    "name": "A String", # The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
+  },
+  "severity": "A String", # The severity of the finding. This field is managed by the source that writes the finding.
+  "sourceProperties": { # Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
+    "a_key": "",
+  },
+  "state": "A String", # The state of the finding.
+  "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+    "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+      "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+        "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+        "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+        "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+        "baseScore": 3.14, # The base score is a function of the base metric scores.
+        "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+        "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+        "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+        "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+        "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+      },
+      "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+      "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+        { # Additional Links
+          "source": "A String", # Source of the reference e.g. NVD
+          "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+        },
+      ],
+    },
+  },
+}

+

+
+

+    setMute(name, body=None, x__xgafv=None)
+  
Updates the mute state of a finding.
+
+Args:
+  name: string, Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}", "folders/{folder_id}/sources/{source_id}/finding/{finding_id}", "projects/{project_id}/sources/{source_id}/finding/{finding_id}". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request message for updating a finding's mute status.
+  "mute": "A String", # Required. The desired state of the Mute.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
+  "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
+  "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
+  "createTime": "A String", # The time at which the finding was created in Security Command Center.
+  "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
+  "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
+  "findingClass": "A String", # The class of the finding.
+  "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+    "domains": [ # List of domains associated to the Finding.
+      "A String",
+    ],
+    "ipAddresses": [ # List of ip addresses associated to the Finding.
+      "A String",
+    ],
+  },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -428,6 +568,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -438,6 +589,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
diff --git a/docs/dyn/securitycenter_v1.organizations.findings.html b/docs/dyn/securitycenter_v1.organizations.findings.html
new file mode 100644
index 00000000000..42fd896252f
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.organizations.findings.html
@@ -0,0 +1,132 @@
+
+
+
+
Security Command Center API . organizations . findings

+
Instance Methods

+

+  bulkMute(parent, body=None, x__xgafv=None)

+
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.

+

+  close()

+
Close httplib2 connections.

+
Method Details

+

+    bulkMute(parent, body=None, x__xgafv=None)
+  
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.
+
+Args:
+  parent: string, Required. The parent, at which bulk action needs to be applied. Its format is "organizations/[organization_id]", "folders/[folder_id]", "projects/[project_id]". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it.
+  "filter": "A String", # Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.
+  "muteAnnotation": "A String", # This can be a mute configuration name or any identifier for mute/unmute of findings based on the filter.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    close()
+  
Close httplib2 connections.

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.organizations.html b/docs/dyn/securitycenter_v1.organizations.html
index e183e35366f..68b691ee83f 100644
--- a/docs/dyn/securitycenter_v1.organizations.html
+++ b/docs/dyn/securitycenter_v1.organizations.html
@@ -79,6 +79,16 @@ 
Instance Methods

 

 
Returns the assets Resource.

 
+

+  findings()
+

+
Returns the findings Resource.

+
+

+  muteConfigs()
+

+
Returns the muteConfigs Resource.

+
 

   notificationConfigs()
 

diff --git a/docs/dyn/securitycenter_v1.organizations.muteConfigs.html b/docs/dyn/securitycenter_v1.organizations.muteConfigs.html
new file mode 100644
index 00000000000..ef8412cdb97
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.organizations.muteConfigs.html
@@ -0,0 +1,271 @@
+
+
+
+
Security Command Center API . organizations . muteConfigs

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  create(parent, body=None, muteConfigId=None, x__xgafv=None)

+
Creates a mute config.

+

+  delete(name, x__xgafv=None)

+
Deletes an existing mute config.

+

+  get(name, x__xgafv=None)

+
Gets a mute config.

+

+  list(parent, pageSize=None, pageToken=None, x__xgafv=None)

+
Lists mute configs.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates a mute config.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    create(parent, body=None, muteConfigId=None, x__xgafv=None)
+  
Creates a mute config.
+
+Args:
+  parent: string, Required. Resource name of the new mute configs's parent. Its format is "organizations/[organization_id]", "folders/[folder_id]", or "projects/[project_id]". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}
+
+  muteConfigId: string, Required. Unique identifier provided by the client within the parent scope. It must consist of lower case letters, numbers, and hyphen, with the first character a letter, the last a letter or a number, and a 63 character maximum.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+

+    delete(name, x__xgafv=None)
+  
Deletes an existing mute config.
+
+Args:
+  name: string, Required. Name of the mute config to delete. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Gets a mute config.
+
+Args:
+  name: string, Required. Name of the mute config to retrieve. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+

+    list(parent, pageSize=None, pageToken=None, x__xgafv=None)
+  
Lists mute configs.
+
+Args:
+  parent: string, Required. The parent, which owns the collection of mute configs. Its format is "organizations/[organization_id]", "folders/[folder_id]", "projects/[project_id]". (required)
+  pageSize: integer, The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+  pageToken: string, A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Response message for listing mute configs.
+  "muteConfigs": [ # The mute configs from the specified parent.
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+      "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+      "description": "A String", # A description of the mute config.
+      "displayName": "A String", # The human readable name to be displayed for the mute config.
+      "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+      "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+      "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+      "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+    },
+  ],
+  "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates a mute config.
+
+Args:
+  name: string, This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}" (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}
+
+  updateMask: string, The list of fields to be updated. If empty all mutable fields will be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.organizations.sources.findings.externalSystems.html b/docs/dyn/securitycenter_v1.organizations.sources.findings.externalSystems.html
new file mode 100644
index 00000000000..243150de456
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.organizations.sources.findings.externalSystems.html
@@ -0,0 +1,128 @@
+
+
+
+
Security Command Center API . organizations . sources . findings . externalSystems

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates external system. This is for a given finding.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates external system. This is for a given finding.
+
+Args:
+  name: string, External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Representation of third party SIEM/SOAR fields within SCC.
+  "assignees": [ # References primary/secondary etc assignees in the external system.
+    "A String",
+  ],
+  "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+  "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+  "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+  "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+}
+
+  updateMask: string, The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Representation of third party SIEM/SOAR fields within SCC.
+  "assignees": [ # References primary/secondary etc assignees in the external system.
+    "A String",
+  ],
+  "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+  "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+  "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+  "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.organizations.sources.findings.html b/docs/dyn/securitycenter_v1.organizations.sources.findings.html
index bdd997fabb7..64863d2ae70 100644
--- a/docs/dyn/securitycenter_v1.organizations.sources.findings.html
+++ b/docs/dyn/securitycenter_v1.organizations.sources.findings.html
@@ -74,6 +74,11 @@
 
 
Security Command Center API . organizations . sources . findings

 
Instance Methods

+

+  externalSystems()
+

+
Returns the externalSystems Resource.

+
 

   close()

 
Close httplib2 connections.

@@ -95,6 +100,9 @@ 
Instance Methods

 

   patch(name, body=None, updateMask=None, x__xgafv=None)

 
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.

+

+  setMute(name, body=None, x__xgafv=None)

+
Updates the mute state of a finding.

 

   setState(name, body=None, x__xgafv=None)

 
Updates the state of a finding.

@@ -121,6 +129,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -131,6 +150,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -184,6 +206,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -194,6 +227,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -318,6 +354,17 @@ 
Method Details

         "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
         "createTime": "A String", # The time at which the finding was created in Security Command Center.
         "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+        "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+          "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+            "assignees": [ # References primary/secondary etc assignees in the external system.
+              "A String",
+            ],
+            "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+            "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+            "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+            "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+          },
+        },
         "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
         "findingClass": "A String", # The class of the finding.
         "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -328,6 +375,9 @@ 
Method Details

             "A String",
           ],
         },
+        "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+        "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+        "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
         "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
         "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
         "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -418,6 +468,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -428,6 +489,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -481,6 +545,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -491,6 +566,99 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
+  "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
+  "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
+  "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
+  "securityMarks": { # User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization. # Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
+    "canonicalName": "A String", # The canonical name of the marks. Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "folders/{folder_id}/assets/{asset_id}/securityMarks" "projects/{project_number}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks" "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks" "projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks"
+    "marks": { # Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
+      "a_key": "A String",
+    },
+    "name": "A String", # The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
+  },
+  "severity": "A String", # The severity of the finding. This field is managed by the source that writes the finding.
+  "sourceProperties": { # Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
+    "a_key": "",
+  },
+  "state": "A String", # The state of the finding.
+  "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+    "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+      "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+        "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+        "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+        "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+        "baseScore": 3.14, # The base score is a function of the base metric scores.
+        "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+        "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+        "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+        "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+        "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+      },
+      "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+      "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+        { # Additional Links
+          "source": "A String", # Source of the reference e.g. NVD
+          "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+        },
+      ],
+    },
+  },
+}

+

+
+

+    setMute(name, body=None, x__xgafv=None)
+  
Updates the mute state of a finding.
+
+Args:
+  name: string, Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}", "folders/{folder_id}/sources/{source_id}/finding/{finding_id}", "projects/{project_id}/sources/{source_id}/finding/{finding_id}". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request message for updating a finding's mute status.
+  "mute": "A String", # Required. The desired state of the Mute.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
+  "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
+  "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
+  "createTime": "A String", # The time at which the finding was created in Security Command Center.
+  "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
+  "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
+  "findingClass": "A String", # The class of the finding.
+  "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+    "domains": [ # List of domains associated to the Finding.
+      "A String",
+    ],
+    "ipAddresses": [ # List of ip addresses associated to the Finding.
+      "A String",
+    ],
+  },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -558,6 +726,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -568,6 +747,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
diff --git a/docs/dyn/securitycenter_v1.projects.findings.html b/docs/dyn/securitycenter_v1.projects.findings.html
new file mode 100644
index 00000000000..62fb3a6b9f8
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.projects.findings.html
@@ -0,0 +1,132 @@
+
+
+
+
Security Command Center API . projects . findings

+
Instance Methods

+

+  bulkMute(parent, body=None, x__xgafv=None)

+
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.

+

+  close()

+
Close httplib2 connections.

+
Method Details

+

+    bulkMute(parent, body=None, x__xgafv=None)
+  
Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.
+
+Args:
+  parent: string, Required. The parent, at which bulk action needs to be applied. Its format is "organizations/[organization_id]", "folders/[folder_id]", "projects/[project_id]". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it.
+  "filter": "A String", # Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.
+  "muteAnnotation": "A String", # This can be a mute configuration name or any identifier for mute/unmute of findings based on the filter.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    close()
+  
Close httplib2 connections.

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.projects.html b/docs/dyn/securitycenter_v1.projects.html
index e126dfa9337..838033f2e07 100644
--- a/docs/dyn/securitycenter_v1.projects.html
+++ b/docs/dyn/securitycenter_v1.projects.html
@@ -79,6 +79,16 @@ 
Instance Methods

 

 
Returns the assets Resource.

 
+

+  findings()
+

+
Returns the findings Resource.

+
+

+  muteConfigs()
+

+
Returns the muteConfigs Resource.

+
 

   sources()
 

diff --git a/docs/dyn/securitycenter_v1.projects.muteConfigs.html b/docs/dyn/securitycenter_v1.projects.muteConfigs.html
new file mode 100644
index 00000000000..b9c8c924715
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.projects.muteConfigs.html
@@ -0,0 +1,271 @@
+
+
+
+
Security Command Center API . projects . muteConfigs

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  create(parent, body=None, muteConfigId=None, x__xgafv=None)

+
Creates a mute config.

+

+  delete(name, x__xgafv=None)

+
Deletes an existing mute config.

+

+  get(name, x__xgafv=None)

+
Gets a mute config.

+

+  list(parent, pageSize=None, pageToken=None, x__xgafv=None)

+
Lists mute configs.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates a mute config.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    create(parent, body=None, muteConfigId=None, x__xgafv=None)
+  
Creates a mute config.
+
+Args:
+  parent: string, Required. Resource name of the new mute configs's parent. Its format is "organizations/[organization_id]", "folders/[folder_id]", or "projects/[project_id]". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}
+
+  muteConfigId: string, Required. Unique identifier provided by the client within the parent scope. It must consist of lower case letters, numbers, and hyphen, with the first character a letter, the last a letter or a number, and a 63 character maximum.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+

+    delete(name, x__xgafv=None)
+  
Deletes an existing mute config.
+
+Args:
+  name: string, Required. Name of the mute config to delete. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Gets a mute config.
+
+Args:
+  name: string, Required. Name of the mute config to retrieve. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+

+    list(parent, pageSize=None, pageToken=None, x__xgafv=None)
+  
Lists mute configs.
+
+Args:
+  parent: string, Required. The parent, which owns the collection of mute configs. Its format is "organizations/[organization_id]", "folders/[folder_id]", "projects/[project_id]". (required)
+  pageSize: integer, The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+  pageToken: string, A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Response message for listing mute configs.
+  "muteConfigs": [ # The mute configs from the specified parent.
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+      "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+      "description": "A String", # A description of the mute config.
+      "displayName": "A String", # The human readable name to be displayed for the mute config.
+      "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+      "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+      "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+      "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+    },
+  ],
+  "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates a mute config.
+
+Args:
+  name: string, This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}" (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}
+
+  updateMask: string, The list of fields to be updated. If empty all mutable fields will be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.
+  "createTime": "A String", # Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.
+  "description": "A String", # A description of the mute config.
+  "displayName": "A String", # The human readable name to be displayed for the mute config.
+  "filter": "A String", # Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`
+  "mostRecentEditor": "A String", # Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.
+  "name": "A String", # This field will be ignored if provided on config creation. Format "organizations/{organization}/muteConfigs/{mute_config}" "folders/{folder}/muteConfigs/{mute_config}" "projects/{project}/muteConfigs/{mute_config}"
+  "updateTime": "A String", # Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.projects.sources.findings.externalSystems.html b/docs/dyn/securitycenter_v1.projects.sources.findings.externalSystems.html
new file mode 100644
index 00000000000..ea2e520598d
--- /dev/null
+++ b/docs/dyn/securitycenter_v1.projects.sources.findings.externalSystems.html
@@ -0,0 +1,128 @@
+
+
+
+
Security Command Center API . projects . sources . findings . externalSystems

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Updates external system. This is for a given finding.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Updates external system. This is for a given finding.
+
+Args:
+  name: string, External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Representation of third party SIEM/SOAR fields within SCC.
+  "assignees": [ # References primary/secondary etc assignees in the external system.
+    "A String",
+  ],
+  "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+  "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+  "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+  "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+}
+
+  updateMask: string, The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Representation of third party SIEM/SOAR fields within SCC.
+  "assignees": [ # References primary/secondary etc assignees in the external system.
+    "A String",
+  ],
+  "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+  "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+  "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+  "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/securitycenter_v1.projects.sources.findings.html b/docs/dyn/securitycenter_v1.projects.sources.findings.html
index 9621942d8dc..d5c9ff8158d 100644
--- a/docs/dyn/securitycenter_v1.projects.sources.findings.html
+++ b/docs/dyn/securitycenter_v1.projects.sources.findings.html
@@ -74,6 +74,11 @@
 
 
Security Command Center API . projects . sources . findings

 
Instance Methods

+

+  externalSystems()
+

+
Returns the externalSystems Resource.

+
 

   close()

 
Close httplib2 connections.

@@ -92,6 +97,9 @@ 
Instance Methods

 

   patch(name, body=None, updateMask=None, x__xgafv=None)

 
Creates or updates a finding. The corresponding source must exist for a finding creation to succeed.

+

+  setMute(name, body=None, x__xgafv=None)

+
Updates the mute state of a finding.

 

   setState(name, body=None, x__xgafv=None)

 
Updates the state of a finding.

@@ -188,6 +196,17 @@ 
Method Details

         "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
         "createTime": "A String", # The time at which the finding was created in Security Command Center.
         "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+        "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+          "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+            "assignees": [ # References primary/secondary etc assignees in the external system.
+              "A String",
+            ],
+            "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+            "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+            "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+            "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+          },
+        },
         "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
         "findingClass": "A String", # The class of the finding.
         "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -198,6 +217,9 @@ 
Method Details

             "A String",
           ],
         },
+        "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+        "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+        "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
         "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
         "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
         "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -288,6 +310,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -298,6 +331,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -351,6 +387,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -361,6 +408,99 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
+  "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
+  "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
+  "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
+  "securityMarks": { # User specified security marks that are attached to the parent Security Command Center resource. Security marks are scoped within a Security Command Center organization -- they can be modified and viewed by all users who have proper permissions on the organization. # Output only. User specified security marks. These marks are entirely managed by the user and come from the SecurityMarks resource that belongs to the finding.
+    "canonicalName": "A String", # The canonical name of the marks. Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "folders/{folder_id}/assets/{asset_id}/securityMarks" "projects/{project_number}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks" "folders/{folder_id}/sources/{source_id}/findings/{finding_id}/securityMarks" "projects/{project_number}/sources/{source_id}/findings/{finding_id}/securityMarks"
+    "marks": { # Mutable user specified security marks belonging to the parent resource. Constraints are as follows: * Keys and values are treated as case insensitive * Keys must be between 1 - 256 characters (inclusive) * Keys must be letters, numbers, underscores, or dashes * Values have leading and trailing whitespace trimmed, remaining characters must be between 1 - 4096 characters (inclusive)
+      "a_key": "A String",
+    },
+    "name": "A String", # The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: "organizations/{organization_id}/assets/{asset_id}/securityMarks" "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks".
+  },
+  "severity": "A String", # The severity of the finding. This field is managed by the source that writes the finding.
+  "sourceProperties": { # Source specific properties. These properties are managed by the source that writes the finding. The key names in the source_properties map must be between 1 and 255 characters, and must start with a letter and contain alphanumeric characters or underscores only.
+    "a_key": "",
+  },
+  "state": "A String", # The state of the finding.
+  "vulnerability": { # Refers to common vulnerability fields e.g. cve, cvss, cwe etc. # Represents vulnerability specific fields like cve, cvss scores etc. CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+    "cve": { # CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org # CVE stands for Common Vulnerabilities and Exposures (https://cve.mitre.org/about/)
+      "cvssv3": { # Common Vulnerability Scoring System version 3. # Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
+        "attackComplexity": "A String", # This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.
+        "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. This metric reflects the context by which vulnerability exploitation is possible.
+        "availabilityImpact": "A String", # This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability.
+        "baseScore": 3.14, # The base score is a function of the base metric scores.
+        "confidentialityImpact": "A String", # This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.
+        "integrityImpact": "A String", # This metric measures the impact to integrity of a successfully exploited vulnerability.
+        "privilegesRequired": "A String", # This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
+        "scope": "A String", # The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.
+        "userInteraction": "A String", # This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.
+      },
+      "id": "A String", # The unique identifier for the vulnerability. e.g. CVE-2021-34527
+      "references": [ # Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+        { # Additional Links
+          "source": "A String", # Source of the reference e.g. NVD
+          "uri": "A String", # Uri for the mentioned source e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+        },
+      ],
+    },
+  },
+}

+

+
+

+    setMute(name, body=None, x__xgafv=None)
+  
Updates the mute state of a finding.
+
+Args:
+  name: string, Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/finding/{finding_id}", "folders/{folder_id}/sources/{source_id}/finding/{finding_id}", "projects/{project_id}/sources/{source_id}/finding/{finding_id}". (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request message for updating a finding's mute status.
+  "mute": "A String", # Required. The desired state of the Mute.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Security Command Center finding. A finding is a record of assessment data like security, risk, health, or privacy, that is ingested into Security Command Center for presentation, notification, analysis, policy testing, and enforcement. For example, a cross-site scripting (XSS) vulnerability in an App Engine application is a finding.
+  "canonicalName": "A String", # The canonical name of the finding. It's either "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}", "folders/{folder_id}/sources/{source_id}/findings/{finding_id}" or "projects/{project_number}/sources/{source_id}/findings/{finding_id}", depending on the closest CRM ancestor of the resource associated with the finding.
+  "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
+  "createTime": "A String", # The time at which the finding was created in Security Command Center.
+  "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
+  "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
+  "findingClass": "A String", # The class of the finding.
+  "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
+    "domains": [ # List of domains associated to the Finding.
+      "A String",
+    ],
+    "ipAddresses": [ # List of ip addresses associated to the Finding.
+      "A String",
+    ],
+  },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
@@ -428,6 +568,17 @@ 
Method Details

   "category": "A String", # The additional taxonomy group within findings from a given source. This field is immutable after creation time. Example: "XSS_FLASH_INJECTION"
   "createTime": "A String", # The time at which the finding was created in Security Command Center.
   "eventTime": "A String", # The time at which the event took place, or when an update to the finding occurred. For example, if the finding represents an open firewall it would capture the time the detector believes the firewall became open. The accuracy is determined by the detector. If the finding were to be resolved afterward, this time would reflect when the finding was resolved. Must not be set to a value greater than the current timestamp.
+  "externalSystems": { # Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.
+    "a_key": { # Representation of third party SIEM/SOAR fields within SCC.
+      "assignees": [ # References primary/secondary etc assignees in the external system.
+        "A String",
+      ],
+      "externalSystemUpdateTime": "A String", # The most recent time when the corresponding finding's ticket/tracker was updated in the external system.
+      "externalUid": "A String", # Identifier that's used to track the given finding in the external system.
+      "name": "A String", # External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira
+      "status": "A String", # Most recent status of the corresponding finding's ticket/tracker in the external system.
+    },
+  },
   "externalUri": "A String", # The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.
   "findingClass": "A String", # The class of the finding.
   "indicator": { # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise # Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise
@@ -438,6 +589,9 @@ 
Method Details

       "A String",
     ],
   },
+  "mute": "A String", # Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).
+  "muteInitiator": "A String", # First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.
+  "muteUpdateTime": "A String", # Output only. The most recent time this finding was muted or unmuted.
   "name": "A String", # The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: "organizations/{organization_id}/sources/{source_id}/findings/{finding_id}"
   "parent": "A String", # The relative resource name of the source the finding belongs to. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name This field is immutable after creation time. For example: "organizations/{organization_id}/sources/{source_id}"
   "resourceName": "A String", # For findings on Google Cloud resources, the full resource name of the Google Cloud resource this finding is for. See: https://cloud.google.com/apis/design/resource_names#full_resource_name When the finding is for a non-Google Cloud resource, the resourceName can be a customer or partner defined string. This field is immutable after creation time.
diff --git a/docs/dyn/servicedirectory_v1.projects.locations.namespaces.html b/docs/dyn/servicedirectory_v1.projects.locations.namespaces.html
index dae53def94e..9d6ce6f2c93 100644
--- a/docs/dyn/servicedirectory_v1.projects.locations.namespaces.html
+++ b/docs/dyn/servicedirectory_v1.projects.locations.namespaces.html
@@ -199,7 +199,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/servicedirectory_v1.projects.locations.namespaces.services.html b/docs/dyn/servicedirectory_v1.projects.locations.namespaces.services.html
index ae56caf5172..81f9b68c363 100644
--- a/docs/dyn/servicedirectory_v1.projects.locations.namespaces.services.html
+++ b/docs/dyn/servicedirectory_v1.projects.locations.namespaces.services.html
@@ -232,7 +232,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.html b/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.html
index 06d44720808..212bbcffdb1 100644
--- a/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.html
+++ b/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.html
@@ -205,7 +205,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.services.html b/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.services.html
index 5d4f2148e60..622826e8b3f 100644
--- a/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.services.html
+++ b/docs/dyn/servicedirectory_v1beta1.projects.locations.namespaces.services.html
@@ -247,7 +247,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/servicemanagement_v1.services.consumers.html b/docs/dyn/servicemanagement_v1.services.consumers.html
index 948d388a174..836a19ab446 100644
--- a/docs/dyn/servicemanagement_v1.services.consumers.html
+++ b/docs/dyn/servicemanagement_v1.services.consumers.html
@@ -103,7 +103,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/servicemanagement_v1.services.html b/docs/dyn/servicemanagement_v1.services.html
index 03b3c4c41c7..ad30cf67fde 100644
--- a/docs/dyn/servicemanagement_v1.services.html
+++ b/docs/dyn/servicemanagement_v1.services.html
@@ -771,7 +771,7 @@ 
Method Details

 
 { # Request message for `GetIamPolicy` method.
   "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
-    "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    "requestedPolicyVersion": 42, # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   },
 }
 
diff --git a/docs/dyn/slides_v1.presentations.html b/docs/dyn/slides_v1.presentations.html
index bee6c9e3ce9..1eaf5113f7a 100644
--- a/docs/dyn/slides_v1.presentations.html
+++ b/docs/dyn/slides_v1.presentations.html
@@ -777,7 +777,1014 @@ 
Method Details

           "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
           "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
           "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-          "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
+          "notesPage": { # A page in a presentation. # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
+            "layoutProperties": { # The properties of Page are only relevant for pages with page_type LAYOUT. # Layout specific properties. Only set if page_type = LAYOUT.
+              "displayName": "A String", # The human-readable name of the layout.
+              "masterObjectId": "A String", # The object ID of the master that this layout is based on.
+              "name": "A String", # The name of the layout.
+            },
+            "masterProperties": { # The properties of Page that are only relevant for pages with page_type MASTER. # Master specific properties. Only set if page_type = MASTER.
+              "displayName": "A String", # The human-readable name of the master.
+            },
+            "notesProperties": { # The properties of Page that are only relevant for pages with page_type NOTES. # Notes specific properties. Only set if page_type = NOTES.
+              "speakerNotesObjectId": "A String", # The object ID of the shape on this notes page that contains the speaker notes for the corresponding slide. The actual shape may not always exist on the notes page. Inserting text using this object ID will automatically create the shape. In this case, the actual shape may have different object ID. The `GetPresentation` or `GetPage` action will always return the latest object ID.
+            },
+            "objectId": "A String", # The object ID for this page. Object IDs used by Page and PageElement share the same namespace.
+            "pageElements": [ # The page elements rendered on the page.
+              { # A visual element rendered on a page.
+                "description": "A String", # The description of the page element. Combined with title to display alt text. The field is not supported for Group elements.
+                "elementGroup": { # A PageElement kind representing a joined collection of PageElements. # A collection of page elements joined as a single unit.
+                  "children": [ # The collection of elements in the group. The minimum size of a group is 2.
+                    # Object with schema name: PageElement
+                  ],
+                },
+                "image": { # A PageElement kind representing an image. # An image page element.
+                  "contentUrl": "A String", # An URL to an image with a default lifetime of 30 minutes. This URL is tagged with the account of the requester. Anyone with the URL effectively accesses the image as the original requester. Access to the image may be lost if the presentation's sharing settings change.
+                  "imageProperties": { # The properties of the Image. # The properties of the image.
+                    "brightness": 3.14, # The brightness effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+                    "contrast": 3.14, # The contrast effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+                    "cropProperties": { # The crop properties of an object enclosed in a container. For example, an Image. The crop properties is represented by the offsets of four edges which define a crop rectangle. The offsets are measured in percentage from the corresponding edges of the object's original bounding rectangle towards inside, relative to the object's original dimensions. - If the offset is in the interval (0, 1), the corresponding edge of crop rectangle is positioned inside of the object's original bounding rectangle. - If the offset is negative or greater than 1, the corresponding edge of crop rectangle is positioned outside of the object's original bounding rectangle. - If the left edge of the crop rectangle is on the right side of its right edge, the object will be flipped horizontally. - If the top edge of the crop rectangle is below its bottom edge, the object will be flipped vertically. - If all offsets and rotation angle is 0, the object is not cropped. After cropping, the content in the crop rectangle will be stretched to fit its container. # The crop properties of the image. If not set, the image is not cropped. This property is read-only.
+                      "angle": 3.14, # The rotation angle of the crop window around its center, in radians. Rotation angle is applied after the offset.
+                      "bottomOffset": 3.14, # The offset specifies the bottom edge of the crop rectangle that is located above the original bounding rectangle bottom edge, relative to the object's original height.
+                      "leftOffset": 3.14, # The offset specifies the left edge of the crop rectangle that is located to the right of the original bounding rectangle left edge, relative to the object's original width.
+                      "rightOffset": 3.14, # The offset specifies the right edge of the crop rectangle that is located to the left of the original bounding rectangle right edge, relative to the object's original width.
+                      "topOffset": 3.14, # The offset specifies the top edge of the crop rectangle that is located below the original bounding rectangle top edge, relative to the object's original height.
+                    },
+                    "link": { # A hypertext link. # The hyperlink destination of the image. If unset, there is no link.
+                      "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                      "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                      "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                      "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                    },
+                    "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the image. If not set, the image has no outline.
+                      "dashStyle": "A String", # The dash style of the outline.
+                      "outlineFill": { # The fill of the outline. # The fill of the outline.
+                        "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                          "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                          "color": { # A themeable solid color value. # The color value of the solid fill.
+                            "rgbColor": { # An RGB color. # An opaque RGB color.
+                              "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                              "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                              "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                            },
+                            "themeColor": "A String", # An opaque theme color.
+                          },
+                        },
+                      },
+                      "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+                      "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                    },
+                    "recolor": { # A recolor effect applied on an image. # The recolor effect of the image. If not set, the image is not recolored. This property is read-only.
+                      "name": "A String", # The name of the recolor effect. The name is determined from the `recolor_stops` by matching the gradient against the colors in the page's current color scheme. This property is read-only.
+                      "recolorStops": [ # The recolor effect is represented by a gradient, which is a list of color stops. The colors in the gradient will replace the corresponding colors at the same position in the color palette and apply to the image. This property is read-only.
+                        { # A color and position in a gradient band.
+                          "alpha": 3.14, # The alpha value of this color in the gradient band. Defaults to 1.0, fully opaque.
+                          "color": { # A themeable solid color value. # The color of the gradient stop.
+                            "rgbColor": { # An RGB color. # An opaque RGB color.
+                              "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                              "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                              "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                            },
+                            "themeColor": "A String", # An opaque theme color.
+                          },
+                          "position": 3.14, # The relative position of the color stop in the gradient band measured in percentage. The value should be in the interval [0.0, 1.0].
+                        },
+                      ],
+                    },
+                    "shadow": { # The shadow properties of a page element. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The shadow of the image. If not set, the image has no shadow. This property is read-only.
+                      "alignment": "A String", # The alignment point of the shadow, that sets the origin for translate, scale and skew of the shadow. This property is read-only.
+                      "alpha": 3.14, # The alpha of the shadow's color, from 0.0 to 1.0.
+                      "blurRadius": { # A magnitude in a single direction in the specified units. # The radius of the shadow blur. The larger the radius, the more diffuse the shadow becomes.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                      "color": { # A themeable solid color value. # The shadow color value.
+                        "rgbColor": { # An RGB color. # An opaque RGB color.
+                          "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                          "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                          "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                        },
+                        "themeColor": "A String", # An opaque theme color.
+                      },
+                      "propertyState": "A String", # The shadow property state. Updating the shadow on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no shadow on a page element, set this field to `NOT_RENDERED`. In this case, any other shadow fields set in the same request will be ignored.
+                      "rotateWithShape": True or False, # Whether the shadow should rotate with the shape. This property is read-only.
+                      "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # Transform that encodes the translate, scale, and skew of the shadow, relative to the alignment position.
+                        "scaleX": 3.14, # The X coordinate scaling element.
+                        "scaleY": 3.14, # The Y coordinate scaling element.
+                        "shearX": 3.14, # The X coordinate shearing element.
+                        "shearY": 3.14, # The Y coordinate shearing element.
+                        "translateX": 3.14, # The X coordinate translation element.
+                        "translateY": 3.14, # The Y coordinate translation element.
+                        "unit": "A String", # The units for translate elements.
+                      },
+                      "type": "A String", # The type of the shadow. This property is read-only.
+                    },
+                    "transparency": 3.14, # The transparency effect of the image. The value should be in the interval [0.0, 1.0], where 0 means no effect and 1 means completely transparent. This property is read-only.
+                  },
+                  "placeholder": { # The placeholder information that uniquely identifies a placeholder shape. # Placeholders are page elements that inherit from corresponding placeholders on layouts and masters. If set, the image is a placeholder image and any inherited properties can be resolved by looking at the parent placeholder identified by the Placeholder.parent_object_id field.
+                    "index": 42, # The index of the placeholder. If the same placeholder types are present in the same page, they would have different index values.
+                    "parentObjectId": "A String", # The object ID of this shape's parent placeholder. If unset, the parent placeholder shape does not exist, so the shape does not inherit properties from any other shape.
+                    "type": "A String", # The type of the placeholder.
+                  },
+                  "sourceUrl": "A String", # The source URL is the URL used to insert the image. The source URL can be empty.
+                },
+                "line": { # A PageElement kind representing a non-connector line, straight connector, curved connector, or bent connector. # A line page element.
+                  "lineCategory": "A String", # The category of the line. It matches the `category` specified in CreateLineRequest, and can be updated with UpdateLineCategoryRequest.
+                  "lineProperties": { # The properties of the Line. When unset, these fields default to values that match the appearance of new lines created in the Slides editor. # The properties of the line.
+                    "dashStyle": "A String", # The dash style of the line.
+                    "endArrow": "A String", # The style of the arrow at the end of the line.
+                    "endConnection": { # The properties for one end of a Line connection. # The connection at the end of the line. If unset, there is no connection. Only lines with a Type indicating it is a "connector" can have an `end_connection`.
+                      "connectedObjectId": "A String", # The object ID of the connected page element. Some page elements, such as groups, tables, and lines do not have connection sites and therefore cannot be connected to a connector line.
+                      "connectionSiteIndex": 42, # The index of the connection site on the connected page element. In most cases, it corresponds to the predefined connection site index from the ECMA-376 standard. More information on those connection sites can be found in the description of the "cnx" attribute in section 20.1.9.9 and Annex H. "Predefined DrawingML Shape and Text Geometries" of "Office Open XML File Formats-Fundamentals and Markup Language Reference", part 1 of [ECMA-376 5th edition] (http://www.ecma-international.org/publications/standards/Ecma-376.htm). The position of each connection site can also be viewed from Slides editor.
+                    },
+                    "lineFill": { # The fill of the line. # The fill of the line. The default line fill matches the defaults for new lines created in the Slides editor.
+                      "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                        "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                        "color": { # A themeable solid color value. # The color value of the solid fill.
+                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                          },
+                          "themeColor": "A String", # An opaque theme color.
+                        },
+                      },
+                    },
+                    "link": { # A hypertext link. # The hyperlink destination of the line. If unset, there is no link.
+                      "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                      "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                      "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                      "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                    },
+                    "startArrow": "A String", # The style of the arrow at the beginning of the line.
+                    "startConnection": { # The properties for one end of a Line connection. # The connection at the beginning of the line. If unset, there is no connection. Only lines with a Type indicating it is a "connector" can have a `start_connection`.
+                      "connectedObjectId": "A String", # The object ID of the connected page element. Some page elements, such as groups, tables, and lines do not have connection sites and therefore cannot be connected to a connector line.
+                      "connectionSiteIndex": 42, # The index of the connection site on the connected page element. In most cases, it corresponds to the predefined connection site index from the ECMA-376 standard. More information on those connection sites can be found in the description of the "cnx" attribute in section 20.1.9.9 and Annex H. "Predefined DrawingML Shape and Text Geometries" of "Office Open XML File Formats-Fundamentals and Markup Language Reference", part 1 of [ECMA-376 5th edition] (http://www.ecma-international.org/publications/standards/Ecma-376.htm). The position of each connection site can also be viewed from Slides editor.
+                    },
+                    "weight": { # A magnitude in a single direction in the specified units. # The thickness of the line.
+                      "magnitude": 3.14, # The magnitude.
+                      "unit": "A String", # The units for magnitude.
+                    },
+                  },
+                  "lineType": "A String", # The type of the line.
+                },
+                "objectId": "A String", # The object ID for this page element. Object IDs used by google.apps.slides.v1.Page and google.apps.slides.v1.PageElement share the same namespace.
+                "shape": { # A PageElement kind representing a generic shape that does not have a more specific classification. # A generic shape.
+                  "placeholder": { # The placeholder information that uniquely identifies a placeholder shape. # Placeholders are page elements that inherit from corresponding placeholders on layouts and masters. If set, the shape is a placeholder shape and any inherited properties can be resolved by looking at the parent placeholder identified by the Placeholder.parent_object_id field.
+                    "index": 42, # The index of the placeholder. If the same placeholder types are present in the same page, they would have different index values.
+                    "parentObjectId": "A String", # The object ID of this shape's parent placeholder. If unset, the parent placeholder shape does not exist, so the shape does not inherit properties from any other shape.
+                    "type": "A String", # The type of the placeholder.
+                  },
+                  "shapeProperties": { # The properties of a Shape. If the shape is a placeholder shape as determined by the placeholder field, then these properties may be inherited from a parent placeholder shape. Determining the rendered value of the property depends on the corresponding property_state field value. Any text autofit settings on the shape are automatically deactivated by requests that can impact how text fits in the shape. # The properties of the shape.
+                    "autofit": { # The autofit properties of a Shape. # The autofit properties of the shape. This property is only set for shapes that allow text.
+                      "autofitType": "A String", # The autofit type of the shape. If the autofit type is AUTOFIT_TYPE_UNSPECIFIED, the autofit type is inherited from a parent placeholder if it exists. The field is automatically set to NONE if a request is made that might affect text fitting within its bounding text box. In this case the font_scale is applied to the font_size and the line_spacing_reduction is applied to the line_spacing. Both properties are also reset to default values.
+                      "fontScale": 3.14, # The font scale applied to the shape. For shapes with autofit_type NONE or SHAPE_AUTOFIT, this value is the default value of 1. For TEXT_AUTOFIT, this value multiplied by the font_size gives the font size that is rendered in the editor. This property is read-only.
+                      "lineSpacingReduction": 3.14, # The line spacing reduction applied to the shape. For shapes with autofit_type NONE or SHAPE_AUTOFIT, this value is the default value of 0. For TEXT_AUTOFIT, this value subtracted from the line_spacing gives the line spacing that is rendered in the editor. This property is read-only.
+                    },
+                    "contentAlignment": "A String", # The alignment of the content in the shape. If unspecified, the alignment is inherited from a parent placeholder if it exists. If the shape has no parent, the default alignment matches the alignment for new shapes created in the Slides editor.
+                    "link": { # A hypertext link. # The hyperlink destination of the shape. If unset, there is no link. Links are not inherited from parent placeholders.
+                      "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                      "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                      "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                      "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                    },
+                    "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the shape. If unset, the outline is inherited from a parent placeholder if it exists. If the shape has no parent, then the default outline depends on the shape type, matching the defaults for new shapes created in the Slides editor.
+                      "dashStyle": "A String", # The dash style of the outline.
+                      "outlineFill": { # The fill of the outline. # The fill of the outline.
+                        "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                          "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                          "color": { # A themeable solid color value. # The color value of the solid fill.
+                            "rgbColor": { # An RGB color. # An opaque RGB color.
+                              "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                              "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                              "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                            },
+                            "themeColor": "A String", # An opaque theme color.
+                          },
+                        },
+                      },
+                      "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+                      "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                    },
+                    "shadow": { # The shadow properties of a page element. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The shadow properties of the shape. If unset, the shadow is inherited from a parent placeholder if it exists. If the shape has no parent, then the default shadow matches the defaults for new shapes created in the Slides editor. This property is read-only.
+                      "alignment": "A String", # The alignment point of the shadow, that sets the origin for translate, scale and skew of the shadow. This property is read-only.
+                      "alpha": 3.14, # The alpha of the shadow's color, from 0.0 to 1.0.
+                      "blurRadius": { # A magnitude in a single direction in the specified units. # The radius of the shadow blur. The larger the radius, the more diffuse the shadow becomes.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                      "color": { # A themeable solid color value. # The shadow color value.
+                        "rgbColor": { # An RGB color. # An opaque RGB color.
+                          "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                          "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                          "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                        },
+                        "themeColor": "A String", # An opaque theme color.
+                      },
+                      "propertyState": "A String", # The shadow property state. Updating the shadow on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no shadow on a page element, set this field to `NOT_RENDERED`. In this case, any other shadow fields set in the same request will be ignored.
+                      "rotateWithShape": True or False, # Whether the shadow should rotate with the shape. This property is read-only.
+                      "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # Transform that encodes the translate, scale, and skew of the shadow, relative to the alignment position.
+                        "scaleX": 3.14, # The X coordinate scaling element.
+                        "scaleY": 3.14, # The Y coordinate scaling element.
+                        "shearX": 3.14, # The X coordinate shearing element.
+                        "shearY": 3.14, # The Y coordinate shearing element.
+                        "translateX": 3.14, # The X coordinate translation element.
+                        "translateY": 3.14, # The Y coordinate translation element.
+                        "unit": "A String", # The units for translate elements.
+                      },
+                      "type": "A String", # The type of the shadow. This property is read-only.
+                    },
+                    "shapeBackgroundFill": { # The shape background fill. # The background fill of the shape. If unset, the background fill is inherited from a parent placeholder if it exists. If the shape has no parent, then the default background fill depends on the shape type, matching the defaults for new shapes created in the Slides editor.
+                      "propertyState": "A String", # The background fill property state. Updating the fill on a shape will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no fill on a shape, set this field to `NOT_RENDERED`. In this case, any other fill fields set in the same request will be ignored.
+                      "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                        "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                        "color": { # A themeable solid color value. # The color value of the solid fill.
+                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                          },
+                          "themeColor": "A String", # An opaque theme color.
+                        },
+                      },
+                    },
+                  },
+                  "shapeType": "A String", # The type of the shape.
+                  "text": { # The general text content. The text must reside in a compatible shape (e.g. text box or rectangle) or a table cell in a page. # The text content of the shape.
+                    "lists": { # The bulleted lists contained in this text, keyed by list ID.
+                      "a_key": { # A List describes the look and feel of bullets belonging to paragraphs associated with a list. A paragraph that is part of a list has an implicit reference to that list's ID.
+                        "listId": "A String", # The ID of the list.
+                        "nestingLevel": { # A map of nesting levels to the properties of bullets at the associated level. A list has at most nine levels of nesting, so the possible values for the keys of this map are 0 through 8, inclusive.
+                          "a_key": { # Contains properties describing the look and feel of a list bullet at a given level of nesting.
+                            "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The style of a bullet at this level of nesting.
+                              "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                              "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                              "bold": True or False, # Whether or not the text is rendered as bold.
+                              "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                              "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                                "magnitude": 3.14, # The magnitude.
+                                "unit": "A String", # The units for magnitude.
+                              },
+                              "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                              "italic": True or False, # Whether or not the text is italicized.
+                              "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                                "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                                "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                                "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                                "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                              },
+                              "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                              "strikethrough": True or False, # Whether or not the text is struck through.
+                              "underline": True or False, # Whether or not the text is underlined.
+                              "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                                "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                                "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                              },
+                            },
+                          },
+                        },
+                      },
+                    },
+                    "textElements": [ # The text contents broken down into its component parts, including styling information. This property is read-only.
+                      { # A TextElement describes the content of a range of indices in the text content of a Shape or TableCell.
+                        "autoText": { # A TextElement kind that represents auto text. # A TextElement representing a spot in the text that is dynamically replaced with content that can change over time.
+                          "content": "A String", # The rendered content of this auto text, if available.
+                          "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this auto text.
+                            "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                              "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                "rgbColor": { # An RGB color. # An opaque RGB color.
+                                  "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                  "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                  "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                },
+                                "themeColor": "A String", # An opaque theme color.
+                              },
+                            },
+                            "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                            "bold": True or False, # Whether or not the text is rendered as bold.
+                            "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                            "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                              "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                "rgbColor": { # An RGB color. # An opaque RGB color.
+                                  "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                  "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                  "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                },
+                                "themeColor": "A String", # An opaque theme color.
+                              },
+                            },
+                            "italic": True or False, # Whether or not the text is italicized.
+                            "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                              "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                              "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                              "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                              "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                            },
+                            "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                            "strikethrough": True or False, # Whether or not the text is struck through.
+                            "underline": True or False, # Whether or not the text is underlined.
+                            "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                              "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                              "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                            },
+                          },
+                          "type": "A String", # The type of this auto text.
+                        },
+                        "endIndex": 42, # The zero-based end index of this text element, exclusive, in Unicode code units.
+                        "paragraphMarker": { # A TextElement kind that represents the beginning of a new paragraph. # A marker representing the beginning of a new paragraph. The `start_index` and `end_index` of this TextElement represent the range of the paragraph. Other TextElements with an index range contained inside this paragraph's range are considered to be part of this paragraph. The range of indices of two separate paragraphs will never overlap.
+                          "bullet": { # Describes the bullet of a paragraph. # The bullet for this paragraph. If not present, the paragraph does not belong to a list.
+                            "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The paragraph specific text style applied to this bullet.
+                              "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                              "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                              "bold": True or False, # Whether or not the text is rendered as bold.
+                              "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                              "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                                "magnitude": 3.14, # The magnitude.
+                                "unit": "A String", # The units for magnitude.
+                              },
+                              "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                              "italic": True or False, # Whether or not the text is italicized.
+                              "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                                "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                                "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                                "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                                "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                              },
+                              "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                              "strikethrough": True or False, # Whether or not the text is struck through.
+                              "underline": True or False, # Whether or not the text is underlined.
+                              "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                                "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                                "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                              },
+                            },
+                            "glyph": "A String", # The rendered bullet glyph for this paragraph.
+                            "listId": "A String", # The ID of the list this paragraph belongs to.
+                            "nestingLevel": 42, # The nesting level of this paragraph in the list.
+                          },
+                          "style": { # Styles that apply to a whole paragraph. If this text is contained in a shape with a parent placeholder, then these paragraph styles may be inherited from the parent. Which paragraph styles are inherited depend on the nesting level of lists: * A paragraph not in a list will inherit its paragraph style from the paragraph at the 0 nesting level of the list inside the parent placeholder. * A paragraph in a list will inherit its paragraph style from the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited paragraph styles are represented as unset fields in this message. # The paragraph's style
+                            "alignment": "A String", # The text alignment for this paragraph.
+                            "direction": "A String", # The text direction of this paragraph. If unset, the value defaults to LEFT_TO_RIGHT since text direction is not inherited.
+                            "indentEnd": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the end of the text, based on the current text direction. If unset, the value is inherited from the parent.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "indentFirstLine": { # A magnitude in a single direction in the specified units. # The amount of indentation for the start of the first line of the paragraph. If unset, the value is inherited from the parent.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "indentStart": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the start of the text, based on the current text direction. If unset, the value is inherited from the parent.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "lineSpacing": 3.14, # The amount of space between lines, as a percentage of normal, where normal is represented as 100.0. If unset, the value is inherited from the parent.
+                            "spaceAbove": { # A magnitude in a single direction in the specified units. # The amount of extra space above the paragraph. If unset, the value is inherited from the parent.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "spaceBelow": { # A magnitude in a single direction in the specified units. # The amount of extra space below the paragraph. If unset, the value is inherited from the parent.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "spacingMode": "A String", # The spacing mode for the paragraph.
+                          },
+                        },
+                        "startIndex": 42, # The zero-based start index of this text element, in Unicode code units.
+                        "textRun": { # A TextElement kind that represents a run of text that all has the same styling. # A TextElement representing a run of text where all of the characters in the run have the same TextStyle. The `start_index` and `end_index` of TextRuns will always be fully contained in the index range of a single `paragraph_marker` TextElement. In other words, a TextRun will never span multiple paragraphs.
+                          "content": "A String", # The text of this run.
+                          "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this run.
+                            "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                              "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                "rgbColor": { # An RGB color. # An opaque RGB color.
+                                  "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                  "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                  "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                },
+                                "themeColor": "A String", # An opaque theme color.
+                              },
+                            },
+                            "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                            "bold": True or False, # Whether or not the text is rendered as bold.
+                            "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                            "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                            "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                              "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                "rgbColor": { # An RGB color. # An opaque RGB color.
+                                  "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                  "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                  "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                },
+                                "themeColor": "A String", # An opaque theme color.
+                              },
+                            },
+                            "italic": True or False, # Whether or not the text is italicized.
+                            "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                              "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                              "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                              "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                              "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                            },
+                            "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                            "strikethrough": True or False, # Whether or not the text is struck through.
+                            "underline": True or False, # Whether or not the text is underlined.
+                            "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                              "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                              "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                            },
+                          },
+                        },
+                      },
+                    ],
+                  },
+                },
+                "sheetsChart": { # A PageElement kind representing a linked chart embedded from Google Sheets. # A linked chart embedded from Google Sheets. Unlinked charts are represented as images.
+                  "chartId": 42, # The ID of the specific chart in the Google Sheets spreadsheet that is embedded.
+                  "contentUrl": "A String", # The URL of an image of the embedded chart, with a default lifetime of 30 minutes. This URL is tagged with the account of the requester. Anyone with the URL effectively accesses the image as the original requester. Access to the image may be lost if the presentation's sharing settings change.
+                  "sheetsChartProperties": { # The properties of the SheetsChart. # The properties of the Sheets chart.
+                    "chartImageProperties": { # The properties of the Image. # The properties of the embedded chart image.
+                      "brightness": 3.14, # The brightness effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+                      "contrast": 3.14, # The contrast effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+                      "cropProperties": { # The crop properties of an object enclosed in a container. For example, an Image. The crop properties is represented by the offsets of four edges which define a crop rectangle. The offsets are measured in percentage from the corresponding edges of the object's original bounding rectangle towards inside, relative to the object's original dimensions. - If the offset is in the interval (0, 1), the corresponding edge of crop rectangle is positioned inside of the object's original bounding rectangle. - If the offset is negative or greater than 1, the corresponding edge of crop rectangle is positioned outside of the object's original bounding rectangle. - If the left edge of the crop rectangle is on the right side of its right edge, the object will be flipped horizontally. - If the top edge of the crop rectangle is below its bottom edge, the object will be flipped vertically. - If all offsets and rotation angle is 0, the object is not cropped. After cropping, the content in the crop rectangle will be stretched to fit its container. # The crop properties of the image. If not set, the image is not cropped. This property is read-only.
+                        "angle": 3.14, # The rotation angle of the crop window around its center, in radians. Rotation angle is applied after the offset.
+                        "bottomOffset": 3.14, # The offset specifies the bottom edge of the crop rectangle that is located above the original bounding rectangle bottom edge, relative to the object's original height.
+                        "leftOffset": 3.14, # The offset specifies the left edge of the crop rectangle that is located to the right of the original bounding rectangle left edge, relative to the object's original width.
+                        "rightOffset": 3.14, # The offset specifies the right edge of the crop rectangle that is located to the left of the original bounding rectangle right edge, relative to the object's original width.
+                        "topOffset": 3.14, # The offset specifies the top edge of the crop rectangle that is located below the original bounding rectangle top edge, relative to the object's original height.
+                      },
+                      "link": { # A hypertext link. # The hyperlink destination of the image. If unset, there is no link.
+                        "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                        "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                        "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                        "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                      },
+                      "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the image. If not set, the image has no outline.
+                        "dashStyle": "A String", # The dash style of the outline.
+                        "outlineFill": { # The fill of the outline. # The fill of the outline.
+                          "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                            "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                            "color": { # A themeable solid color value. # The color value of the solid fill.
+                              "rgbColor": { # An RGB color. # An opaque RGB color.
+                                "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                              },
+                              "themeColor": "A String", # An opaque theme color.
+                            },
+                          },
+                        },
+                        "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+                        "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+                          "magnitude": 3.14, # The magnitude.
+                          "unit": "A String", # The units for magnitude.
+                        },
+                      },
+                      "recolor": { # A recolor effect applied on an image. # The recolor effect of the image. If not set, the image is not recolored. This property is read-only.
+                        "name": "A String", # The name of the recolor effect. The name is determined from the `recolor_stops` by matching the gradient against the colors in the page's current color scheme. This property is read-only.
+                        "recolorStops": [ # The recolor effect is represented by a gradient, which is a list of color stops. The colors in the gradient will replace the corresponding colors at the same position in the color palette and apply to the image. This property is read-only.
+                          { # A color and position in a gradient band.
+                            "alpha": 3.14, # The alpha value of this color in the gradient band. Defaults to 1.0, fully opaque.
+                            "color": { # A themeable solid color value. # The color of the gradient stop.
+                              "rgbColor": { # An RGB color. # An opaque RGB color.
+                                "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                              },
+                              "themeColor": "A String", # An opaque theme color.
+                            },
+                            "position": 3.14, # The relative position of the color stop in the gradient band measured in percentage. The value should be in the interval [0.0, 1.0].
+                          },
+                        ],
+                      },
+                      "shadow": { # The shadow properties of a page element. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The shadow of the image. If not set, the image has no shadow. This property is read-only.
+                        "alignment": "A String", # The alignment point of the shadow, that sets the origin for translate, scale and skew of the shadow. This property is read-only.
+                        "alpha": 3.14, # The alpha of the shadow's color, from 0.0 to 1.0.
+                        "blurRadius": { # A magnitude in a single direction in the specified units. # The radius of the shadow blur. The larger the radius, the more diffuse the shadow becomes.
+                          "magnitude": 3.14, # The magnitude.
+                          "unit": "A String", # The units for magnitude.
+                        },
+                        "color": { # A themeable solid color value. # The shadow color value.
+                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                          },
+                          "themeColor": "A String", # An opaque theme color.
+                        },
+                        "propertyState": "A String", # The shadow property state. Updating the shadow on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no shadow on a page element, set this field to `NOT_RENDERED`. In this case, any other shadow fields set in the same request will be ignored.
+                        "rotateWithShape": True or False, # Whether the shadow should rotate with the shape. This property is read-only.
+                        "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # Transform that encodes the translate, scale, and skew of the shadow, relative to the alignment position.
+                          "scaleX": 3.14, # The X coordinate scaling element.
+                          "scaleY": 3.14, # The Y coordinate scaling element.
+                          "shearX": 3.14, # The X coordinate shearing element.
+                          "shearY": 3.14, # The Y coordinate shearing element.
+                          "translateX": 3.14, # The X coordinate translation element.
+                          "translateY": 3.14, # The Y coordinate translation element.
+                          "unit": "A String", # The units for translate elements.
+                        },
+                        "type": "A String", # The type of the shadow. This property is read-only.
+                      },
+                      "transparency": 3.14, # The transparency effect of the image. The value should be in the interval [0.0, 1.0], where 0 means no effect and 1 means completely transparent. This property is read-only.
+                    },
+                  },
+                  "spreadsheetId": "A String", # The ID of the Google Sheets spreadsheet that contains the source chart.
+                },
+                "size": { # A width and height. # The size of the page element.
+                  "height": { # A magnitude in a single direction in the specified units. # The height of the object.
+                    "magnitude": 3.14, # The magnitude.
+                    "unit": "A String", # The units for magnitude.
+                  },
+                  "width": { # A magnitude in a single direction in the specified units. # The width of the object.
+                    "magnitude": 3.14, # The magnitude.
+                    "unit": "A String", # The units for magnitude.
+                  },
+                },
+                "table": { # A PageElement kind representing a table. # A table page element.
+                  "columns": 42, # Number of columns in the table.
+                  "horizontalBorderRows": [ # Properties of horizontal cell borders. A table's horizontal cell borders are represented as a grid. The grid has one more row than the number of rows in the table and the same number of columns as the table. For example, if the table is 3 x 3, its horizontal borders will be represented as a grid with 4 rows and 3 columns.
+                    { # Contents of each border row in a table.
+                      "tableBorderCells": [ # Properties of each border cell. When a border's adjacent table cells are merged, it is not included in the response.
+                        { # The properties of each border cell.
+                          "location": { # A location of a single table cell within a table. # The location of the border within the border table.
+                            "columnIndex": 42, # The 0-based column index.
+                            "rowIndex": 42, # The 0-based row index.
+                          },
+                          "tableBorderProperties": { # The border styling properties of the TableBorderCell. # The border properties.
+                            "dashStyle": "A String", # The dash style of the border.
+                            "tableBorderFill": { # The fill of the border. # The fill of the table border.
+                              "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid fill.
+                                "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                                "color": { # A themeable solid color value. # The color value of the solid fill.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                            },
+                            "weight": { # A magnitude in a single direction in the specified units. # The thickness of the border.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                          },
+                        },
+                      ],
+                    },
+                  ],
+                  "rows": 42, # Number of rows in the table.
+                  "tableColumns": [ # Properties of each column.
+                    { # Properties of each column in a table.
+                      "columnWidth": { # A magnitude in a single direction in the specified units. # Width of a column.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                    },
+                  ],
+                  "tableRows": [ # Properties and contents of each row. Cells that span multiple rows are contained in only one of these rows and have a row_span greater than 1.
+                    { # Properties and contents of each row in a table.
+                      "rowHeight": { # A magnitude in a single direction in the specified units. # Height of a row.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                      "tableCells": [ # Properties and contents of each cell. Cells that span multiple columns are represented only once with a column_span greater than 1. As a result, the length of this collection does not always match the number of columns of the entire table.
+                        { # Properties and contents of each table cell.
+                          "columnSpan": 42, # Column span of the cell.
+                          "location": { # A location of a single table cell within a table. # The location of the cell within the table.
+                            "columnIndex": 42, # The 0-based column index.
+                            "rowIndex": 42, # The 0-based row index.
+                          },
+                          "rowSpan": 42, # Row span of the cell.
+                          "tableCellProperties": { # The properties of the TableCell. # The properties of the table cell.
+                            "contentAlignment": "A String", # The alignment of the content in the table cell. The default alignment matches the alignment for newly created table cells in the Slides editor.
+                            "tableCellBackgroundFill": { # The table cell background fill. # The background fill of the table cell. The default fill matches the fill for newly created table cells in the Slides editor.
+                              "propertyState": "A String", # The background fill property state. Updating the fill on a table cell will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no fill on a table cell, set this field to `NOT_RENDERED`. In this case, any other fill fields set in the same request will be ignored.
+                              "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                                "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                                "color": { # A themeable solid color value. # The color value of the solid fill.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                            },
+                          },
+                          "text": { # The general text content. The text must reside in a compatible shape (e.g. text box or rectangle) or a table cell in a page. # The text content of the cell.
+                            "lists": { # The bulleted lists contained in this text, keyed by list ID.
+                              "a_key": { # A List describes the look and feel of bullets belonging to paragraphs associated with a list. A paragraph that is part of a list has an implicit reference to that list's ID.
+                                "listId": "A String", # The ID of the list.
+                                "nestingLevel": { # A map of nesting levels to the properties of bullets at the associated level. A list has at most nine levels of nesting, so the possible values for the keys of this map are 0 through 8, inclusive.
+                                  "a_key": { # Contains properties describing the look and feel of a list bullet at a given level of nesting.
+                                    "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The style of a bullet at this level of nesting.
+                                      "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                        "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                          },
+                                          "themeColor": "A String", # An opaque theme color.
+                                        },
+                                      },
+                                      "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                                      "bold": True or False, # Whether or not the text is rendered as bold.
+                                      "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                                      "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                                        "magnitude": 3.14, # The magnitude.
+                                        "unit": "A String", # The units for magnitude.
+                                      },
+                                      "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                        "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                          },
+                                          "themeColor": "A String", # An opaque theme color.
+                                        },
+                                      },
+                                      "italic": True or False, # Whether or not the text is italicized.
+                                      "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                                        "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                                        "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                                        "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                                        "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                                      },
+                                      "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                                      "strikethrough": True or False, # Whether or not the text is struck through.
+                                      "underline": True or False, # Whether or not the text is underlined.
+                                      "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                                        "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                                        "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                                      },
+                                    },
+                                  },
+                                },
+                              },
+                            },
+                            "textElements": [ # The text contents broken down into its component parts, including styling information. This property is read-only.
+                              { # A TextElement describes the content of a range of indices in the text content of a Shape or TableCell.
+                                "autoText": { # A TextElement kind that represents auto text. # A TextElement representing a spot in the text that is dynamically replaced with content that can change over time.
+                                  "content": "A String", # The rendered content of this auto text, if available.
+                                  "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this auto text.
+                                    "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                      "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                        "rgbColor": { # An RGB color. # An opaque RGB color.
+                                          "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                          "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                          "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                        },
+                                        "themeColor": "A String", # An opaque theme color.
+                                      },
+                                    },
+                                    "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                                    "bold": True or False, # Whether or not the text is rendered as bold.
+                                    "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                                    "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                      "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                        "rgbColor": { # An RGB color. # An opaque RGB color.
+                                          "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                          "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                          "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                        },
+                                        "themeColor": "A String", # An opaque theme color.
+                                      },
+                                    },
+                                    "italic": True or False, # Whether or not the text is italicized.
+                                    "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                                      "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                                      "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                                      "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                                      "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                                    },
+                                    "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                                    "strikethrough": True or False, # Whether or not the text is struck through.
+                                    "underline": True or False, # Whether or not the text is underlined.
+                                    "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                                      "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                                      "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                                    },
+                                  },
+                                  "type": "A String", # The type of this auto text.
+                                },
+                                "endIndex": 42, # The zero-based end index of this text element, exclusive, in Unicode code units.
+                                "paragraphMarker": { # A TextElement kind that represents the beginning of a new paragraph. # A marker representing the beginning of a new paragraph. The `start_index` and `end_index` of this TextElement represent the range of the paragraph. Other TextElements with an index range contained inside this paragraph's range are considered to be part of this paragraph. The range of indices of two separate paragraphs will never overlap.
+                                  "bullet": { # Describes the bullet of a paragraph. # The bullet for this paragraph. If not present, the paragraph does not belong to a list.
+                                    "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The paragraph specific text style applied to this bullet.
+                                      "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                        "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                          },
+                                          "themeColor": "A String", # An opaque theme color.
+                                        },
+                                      },
+                                      "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                                      "bold": True or False, # Whether or not the text is rendered as bold.
+                                      "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                                      "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                                        "magnitude": 3.14, # The magnitude.
+                                        "unit": "A String", # The units for magnitude.
+                                      },
+                                      "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                        "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                          "rgbColor": { # An RGB color. # An opaque RGB color.
+                                            "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                            "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                            "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                          },
+                                          "themeColor": "A String", # An opaque theme color.
+                                        },
+                                      },
+                                      "italic": True or False, # Whether or not the text is italicized.
+                                      "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                                        "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                                        "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                                        "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                                        "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                                      },
+                                      "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                                      "strikethrough": True or False, # Whether or not the text is struck through.
+                                      "underline": True or False, # Whether or not the text is underlined.
+                                      "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                                        "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                                        "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                                      },
+                                    },
+                                    "glyph": "A String", # The rendered bullet glyph for this paragraph.
+                                    "listId": "A String", # The ID of the list this paragraph belongs to.
+                                    "nestingLevel": 42, # The nesting level of this paragraph in the list.
+                                  },
+                                  "style": { # Styles that apply to a whole paragraph. If this text is contained in a shape with a parent placeholder, then these paragraph styles may be inherited from the parent. Which paragraph styles are inherited depend on the nesting level of lists: * A paragraph not in a list will inherit its paragraph style from the paragraph at the 0 nesting level of the list inside the parent placeholder. * A paragraph in a list will inherit its paragraph style from the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited paragraph styles are represented as unset fields in this message. # The paragraph's style
+                                    "alignment": "A String", # The text alignment for this paragraph.
+                                    "direction": "A String", # The text direction of this paragraph. If unset, the value defaults to LEFT_TO_RIGHT since text direction is not inherited.
+                                    "indentEnd": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the end of the text, based on the current text direction. If unset, the value is inherited from the parent.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "indentFirstLine": { # A magnitude in a single direction in the specified units. # The amount of indentation for the start of the first line of the paragraph. If unset, the value is inherited from the parent.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "indentStart": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the start of the text, based on the current text direction. If unset, the value is inherited from the parent.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "lineSpacing": 3.14, # The amount of space between lines, as a percentage of normal, where normal is represented as 100.0. If unset, the value is inherited from the parent.
+                                    "spaceAbove": { # A magnitude in a single direction in the specified units. # The amount of extra space above the paragraph. If unset, the value is inherited from the parent.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "spaceBelow": { # A magnitude in a single direction in the specified units. # The amount of extra space below the paragraph. If unset, the value is inherited from the parent.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "spacingMode": "A String", # The spacing mode for the paragraph.
+                                  },
+                                },
+                                "startIndex": 42, # The zero-based start index of this text element, in Unicode code units.
+                                "textRun": { # A TextElement kind that represents a run of text that all has the same styling. # A TextElement representing a run of text where all of the characters in the run have the same TextStyle. The `start_index` and `end_index` of TextRuns will always be fully contained in the index range of a single `paragraph_marker` TextElement. In other words, a TextRun will never span multiple paragraphs.
+                                  "content": "A String", # The text of this run.
+                                  "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this run.
+                                    "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                      "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                        "rgbColor": { # An RGB color. # An opaque RGB color.
+                                          "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                          "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                          "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                        },
+                                        "themeColor": "A String", # An opaque theme color.
+                                      },
+                                    },
+                                    "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+                                    "bold": True or False, # Whether or not the text is rendered as bold.
+                                    "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+                                    "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+                                      "magnitude": 3.14, # The magnitude.
+                                      "unit": "A String", # The units for magnitude.
+                                    },
+                                    "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+                                      "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+                                        "rgbColor": { # An RGB color. # An opaque RGB color.
+                                          "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                          "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                          "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                        },
+                                        "themeColor": "A String", # An opaque theme color.
+                                      },
+                                    },
+                                    "italic": True or False, # Whether or not the text is italicized.
+                                    "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+                                      "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+                                      "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+                                      "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+                                      "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+                                    },
+                                    "smallCaps": True or False, # Whether or not the text is in small capital letters.
+                                    "strikethrough": True or False, # Whether or not the text is struck through.
+                                    "underline": True or False, # Whether or not the text is underlined.
+                                    "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+                                      "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+                                      "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+                                    },
+                                  },
+                                },
+                              },
+                            ],
+                          },
+                        },
+                      ],
+                      "tableRowProperties": { # Properties of each row in a table. # Properties of the row.
+                        "minRowHeight": { # A magnitude in a single direction in the specified units. # Minimum height of the row. The row will be rendered in the Slides editor at a height equal to or greater than this value in order to show all the text in the row's cell(s).
+                          "magnitude": 3.14, # The magnitude.
+                          "unit": "A String", # The units for magnitude.
+                        },
+                      },
+                    },
+                  ],
+                  "verticalBorderRows": [ # Properties of vertical cell borders. A table's vertical cell borders are represented as a grid. The grid has the same number of rows as the table and one more column than the number of columns in the table. For example, if the table is 3 x 3, its vertical borders will be represented as a grid with 3 rows and 4 columns.
+                    { # Contents of each border row in a table.
+                      "tableBorderCells": [ # Properties of each border cell. When a border's adjacent table cells are merged, it is not included in the response.
+                        { # The properties of each border cell.
+                          "location": { # A location of a single table cell within a table. # The location of the border within the border table.
+                            "columnIndex": 42, # The 0-based column index.
+                            "rowIndex": 42, # The 0-based row index.
+                          },
+                          "tableBorderProperties": { # The border styling properties of the TableBorderCell. # The border properties.
+                            "dashStyle": "A String", # The dash style of the border.
+                            "tableBorderFill": { # The fill of the border. # The fill of the table border.
+                              "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid fill.
+                                "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                                "color": { # A themeable solid color value. # The color value of the solid fill.
+                                  "rgbColor": { # An RGB color. # An opaque RGB color.
+                                    "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                                    "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                                    "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                                  },
+                                  "themeColor": "A String", # An opaque theme color.
+                                },
+                              },
+                            },
+                            "weight": { # A magnitude in a single direction in the specified units. # The thickness of the border.
+                              "magnitude": 3.14, # The magnitude.
+                              "unit": "A String", # The units for magnitude.
+                            },
+                          },
+                        },
+                      ],
+                    },
+                  ],
+                },
+                "title": "A String", # The title of the page element. Combined with description to display alt text. The field is not supported for Group elements.
+                "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # The transform of the page element. The visual appearance of the page element is determined by its absolute transform. To compute the absolute transform, preconcatenate a page element's transform with the transforms of all of its parent groups. If the page element is not in a group, its absolute transform is the same as the value in this field. The initial transform for the newly created Group is always the identity transform.
+                  "scaleX": 3.14, # The X coordinate scaling element.
+                  "scaleY": 3.14, # The Y coordinate scaling element.
+                  "shearX": 3.14, # The X coordinate shearing element.
+                  "shearY": 3.14, # The Y coordinate shearing element.
+                  "translateX": 3.14, # The X coordinate translation element.
+                  "translateY": 3.14, # The Y coordinate translation element.
+                  "unit": "A String", # The units for translate elements.
+                },
+                "video": { # A PageElement kind representing a video. # A video page element.
+                  "id": "A String", # The video source's unique identifier for this video.
+                  "source": "A String", # The video source.
+                  "url": "A String", # An URL to a video. The URL is valid as long as the source video exists and sharing settings do not change.
+                  "videoProperties": { # The properties of the Video. # The properties of the video.
+                    "autoPlay": True or False, # Whether to enable video autoplay when the page is displayed in present mode. Defaults to false.
+                    "end": 42, # The time at which to end playback, measured in seconds from the beginning of the video. If set, the end time should be after the start time. If not set or if you set this to a value that exceeds the video's length, the video will be played until its end.
+                    "mute": True or False, # Whether to mute the audio during video playback. Defaults to false.
+                    "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the video. The default outline matches the defaults for new videos created in the Slides editor.
+                      "dashStyle": "A String", # The dash style of the outline.
+                      "outlineFill": { # The fill of the outline. # The fill of the outline.
+                        "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                          "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                          "color": { # A themeable solid color value. # The color value of the solid fill.
+                            "rgbColor": { # An RGB color. # An opaque RGB color.
+                              "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                              "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                              "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                            },
+                            "themeColor": "A String", # An opaque theme color.
+                          },
+                        },
+                      },
+                      "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+                      "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+                        "magnitude": 3.14, # The magnitude.
+                        "unit": "A String", # The units for magnitude.
+                      },
+                    },
+                    "start": 42, # The time at which to start playback, measured in seconds from the beginning of the video. If set, the start time should be before the end time. If you set this to a value that exceeds the video's length in seconds, the video will be played from the last second. If not set, the video will be played from the beginning.
+                  },
+                },
+                "wordArt": { # A PageElement kind representing word art. # A word art page element.
+                  "renderedText": "A String", # The text rendered as word art.
+                },
+              },
+            ],
+            "pageProperties": { # The properties of the Page. The page will inherit properties from the parent page. Depending on the page type the hierarchy is defined in either SlideProperties or LayoutProperties. # The properties of the page.
+              "colorScheme": { # The palette of predefined colors for a page. # The color scheme of the page. If unset, the color scheme is inherited from a parent page. If the page has no parent, the color scheme uses a default Slides color scheme, matching the defaults in the Slides editor. Only the concrete colors of the first 12 ThemeColorTypes are editable. In addition, only the color scheme on `Master` pages can be updated. To update the field, a color scheme containing mappings from all the first 12 ThemeColorTypes to their concrete colors must be provided. Colors for the remaining ThemeColorTypes will be ignored.
+                "colors": [ # The ThemeColorType and corresponding concrete color pairs.
+                  { # A pair mapping a theme color type to the concrete color it represents.
+                    "color": { # An RGB color. # The concrete color corresponding to the theme color type above.
+                      "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                      "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                      "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                    },
+                    "type": "A String", # The type of the theme color.
+                  },
+                ],
+              },
+              "pageBackgroundFill": { # The page background fill. # The background fill of the page. If unset, the background fill is inherited from a parent page if it exists. If the page has no parent, then the background fill defaults to the corresponding fill in the Slides editor.
+                "propertyState": "A String", # The background fill property state. Updating the fill on a page will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no fill on a page, set this field to `NOT_RENDERED`. In this case, any other fill fields set in the same request will be ignored.
+                "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+                  "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+                  "color": { # A themeable solid color value. # The color value of the solid fill.
+                    "rgbColor": { # An RGB color. # An opaque RGB color.
+                      "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+                      "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+                      "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+                    },
+                    "themeColor": "A String", # An opaque theme color.
+                  },
+                },
+                "stretchedPictureFill": { # The stretched picture fill. The page or page element is filled entirely with the specified picture. The picture is stretched to fit its container. # Stretched picture fill.
+                  "contentUrl": "A String", # Reading the content_url: An URL to a picture with a default lifetime of 30 minutes. This URL is tagged with the account of the requester. Anyone with the URL effectively accesses the picture as the original requester. Access to the picture may be lost if the presentation's sharing settings change. Writing the content_url: The picture is fetched once at insertion time and a copy is stored for display inside the presentation. Pictures must be less than 50MB in size, cannot exceed 25 megapixels, and must be in one of PNG, JPEG, or GIF format. The provided URL can be at most 2 kB in length.
+                  "size": { # A width and height. # The original size of the picture fill. This field is read-only.
+                    "height": { # A magnitude in a single direction in the specified units. # The height of the object.
+                      "magnitude": 3.14, # The magnitude.
+                      "unit": "A String", # The units for magnitude.
+                    },
+                    "width": { # A magnitude in a single direction in the specified units. # The width of the object.
+                      "magnitude": 3.14, # The magnitude.
+                      "unit": "A String", # The units for magnitude.
+                    },
+                  },
+                },
+              },
+            },
+            "pageType": "A String", # The type of the page.
+            "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
+            "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
+          },
         },
       },
       "updateSlidesPosition": { # Updates the position of slides in the presentation. # Updates the position of a set of slides in the presentation.
@@ -2045,12 +3052,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "locale": "A String", # The locale of the presentation, as an IETF BCP 47 language tag.
@@ -3061,12 +4063,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "notesMaster": { # A page in a presentation. # The notes master in the presentation. It serves three purposes: - Placeholder shapes on a notes master contain the default text styles and shape properties of all placeholder shapes on notes pages. Specifically, a `SLIDE_IMAGE` placeholder shape contains the slide thumbnail, and a `BODY` placeholder shape contains the speaker notes. - The notes master page properties define the common page properties inherited by all notes pages. - Any other shapes on the notes master appear on all notes pages. The notes master is read-only.
@@ -4075,12 +5072,7 @@ 
Method Details

     },
     "pageType": "A String", # The type of the page.
     "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-    "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-      "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-      "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-      "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-      "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-    },
+    "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
   },
   "pageSize": { # A width and height. # The size of pages in the presentation.
     "height": { # A magnitude in a single direction in the specified units. # The height of the object.
@@ -5101,12 +6093,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "title": "A String", # The title of the presentation.
@@ -6128,12 +7115,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "locale": "A String", # The locale of the presentation, as an IETF BCP 47 language tag.
@@ -7144,12 +8126,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "notesMaster": { # A page in a presentation. # The notes master in the presentation. It serves three purposes: - Placeholder shapes on a notes master contain the default text styles and shape properties of all placeholder shapes on notes pages. Specifically, a `SLIDE_IMAGE` placeholder shape contains the slide thumbnail, and a `BODY` placeholder shape contains the speaker notes. - The notes master page properties define the common page properties inherited by all notes pages. - Any other shapes on the notes master appear on all notes pages. The notes master is read-only.
@@ -8158,12 +9135,7 @@ 
Method Details

     },
     "pageType": "A String", # The type of the page.
     "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-    "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-      "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-      "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-      "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-      "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-    },
+    "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
   },
   "pageSize": { # A width and height. # The size of pages in the presentation.
     "height": { # A magnitude in a single direction in the specified units. # The height of the object.
@@ -9184,12 +10156,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "title": "A String", # The title of the presentation.
@@ -10218,12 +11185,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "locale": "A String", # The locale of the presentation, as an IETF BCP 47 language tag.
@@ -11234,12 +12196,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "notesMaster": { # A page in a presentation. # The notes master in the presentation. It serves three purposes: - Placeholder shapes on a notes master contain the default text styles and shape properties of all placeholder shapes on notes pages. Specifically, a `SLIDE_IMAGE` placeholder shape contains the slide thumbnail, and a `BODY` placeholder shape contains the speaker notes. - The notes master page properties define the common page properties inherited by all notes pages. - Any other shapes on the notes master appear on all notes pages. The notes master is read-only.
@@ -12248,12 +13205,7 @@ 
Method Details

     },
     "pageType": "A String", # The type of the page.
     "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-    "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-      "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-      "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-      "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-      "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-    },
+    "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
   },
   "pageSize": { # A width and height. # The size of pages in the presentation.
     "height": { # A magnitude in a single direction in the specified units. # The height of the object.
@@ -13274,12 +14226,7 @@ 
Method Details

       },
       "pageType": "A String", # The type of the page.
       "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-      "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-        "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-        "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-        "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-        "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-      },
+      "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
     },
   ],
   "title": "A String", # The title of the presentation.
diff --git a/docs/dyn/slides_v1.presentations.pages.html b/docs/dyn/slides_v1.presentations.pages.html
index aab9b5ea3d9..68f1bdaf0f9 100644
--- a/docs/dyn/slides_v1.presentations.pages.html
+++ b/docs/dyn/slides_v1.presentations.pages.html
@@ -1110,12 +1110,7 @@ 
Method Details

   },
   "pageType": "A String", # The type of the page.
   "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
-  "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
-    "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
-    "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
-    "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
-    "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
-  },
+  "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
 }

 

 
diff --git a/docs/dyn/spanner_v1.projects.instances.databases.sessions.html b/docs/dyn/spanner_v1.projects.instances.databases.sessions.html
index 0dce47116b9..f59904240bc 100644
--- a/docs/dyn/spanner_v1.projects.instances.databases.sessions.html
+++ b/docs/dyn/spanner_v1.projects.instances.databases.sessions.html
@@ -421,7 +421,14 @@ 
Method Details

         "a_key": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query.
           "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
           "code": "A String", # Required. The TypeCode for this type.
-          "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+          "structType": { # `StructType` defines the fields of a STRUCT type. # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+            "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
+              { # Message representing a single field of a struct.
+                "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
+                "type": # Object with schema name: Type # The type of the field.
+              },
+            ],
+          },
         },
       },
       "params": { # Parameter names and values that bind to placeholders in the DML string. A parameter placeholder consists of the `@` character followed by the parameter name (for example, `@firstName`). Parameter names can contain letters, numbers, and underscores. Parameters can appear anywhere that a literal value is expected. The same parameter name can be used more than once, for example: `"WHERE id > @msg_id AND id < @msg_id + 100"` It is an error to execute a SQL statement with unbound parameters.
@@ -479,11 +486,7 @@ 
Method Details

           "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
             { # Message representing a single field of a struct.
               "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
-              "type": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query. # The type of the field.
-                "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
-                "code": "A String", # Required. The TypeCode for this type.
-                "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
-              },
+              "type": # Object with schema name: Type # The type of the field.
             },
           ],
         },
@@ -560,7 +563,14 @@ 
Method Details

     "a_key": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query.
       "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
       "code": "A String", # Required. The TypeCode for this type.
-      "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+      "structType": { # `StructType` defines the fields of a STRUCT type. # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+        "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
+          { # Message representing a single field of a struct.
+            "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
+            "type": # Object with schema name: Type # The type of the field.
+          },
+        ],
+      },
     },
   },
   "params": { # Parameter names and values that bind to placeholders in the SQL string. A parameter placeholder consists of the `@` character followed by the parameter name (for example, `@firstName`). Parameter names must conform to the naming requirements of identifiers as specified at https://cloud.google.com/spanner/docs/lexical#identifiers. Parameters can appear anywhere that a literal value is expected. The same parameter name can be used more than once, for example: `"WHERE id > @msg_id AND id < @msg_id + 100"` It is an error to execute a SQL statement with unbound parameters.
@@ -627,11 +637,7 @@ 
Method Details

       "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
         { # Message representing a single field of a struct.
           "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
-          "type": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query. # The type of the field.
-            "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
-            "code": "A String", # Required. The TypeCode for this type.
-            "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
-          },
+          "type": # Object with schema name: Type # The type of the field.
         },
       ],
     },
@@ -697,7 +703,14 @@ 
Method Details

     "a_key": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query.
       "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
       "code": "A String", # Required. The TypeCode for this type.
-      "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+      "structType": { # `StructType` defines the fields of a STRUCT type. # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+        "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
+          { # Message representing a single field of a struct.
+            "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
+            "type": # Object with schema name: Type # The type of the field.
+          },
+        ],
+      },
     },
   },
   "params": { # Parameter names and values that bind to placeholders in the SQL string. A parameter placeholder consists of the `@` character followed by the parameter name (for example, `@firstName`). Parameter names must conform to the naming requirements of identifiers as specified at https://cloud.google.com/spanner/docs/lexical#identifiers. Parameters can appear anywhere that a literal value is expected. The same parameter name can be used more than once, for example: `"WHERE id > @msg_id AND id < @msg_id + 100"` It is an error to execute a SQL statement with unbound parameters.
@@ -765,11 +778,7 @@ 
Method Details

       "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
         { # Message representing a single field of a struct.
           "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
-          "type": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query. # The type of the field.
-            "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
-            "code": "A String", # Required. The TypeCode for this type.
-            "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
-          },
+          "type": # Object with schema name: Type # The type of the field.
         },
       ],
     },
@@ -904,7 +913,14 @@ 
Method Details

     "a_key": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query.
       "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
       "code": "A String", # Required. The TypeCode for this type.
-      "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+      "structType": { # `StructType` defines the fields of a STRUCT type. # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
+        "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
+          { # Message representing a single field of a struct.
+            "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
+            "type": # Object with schema name: Type # The type of the field.
+          },
+        ],
+      },
     },
   },
   "params": { # Parameter names and values that bind to placeholders in the SQL string. A parameter placeholder consists of the `@` character followed by the parameter name (for example, `@firstName`). Parameter names can contain letters, numbers, and underscores. Parameters can appear anywhere that a literal value is expected. The same parameter name can be used more than once, for example: `"WHERE id > @msg_id AND id < @msg_id + 100"` It is an error to execute a SQL statement with unbound parameters.
@@ -1160,11 +1176,7 @@ 
Method Details

       "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
         { # Message representing a single field of a struct.
           "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
-          "type": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query. # The type of the field.
-            "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
-            "code": "A String", # Required. The TypeCode for this type.
-            "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
-          },
+          "type": # Object with schema name: Type # The type of the field.
         },
       ],
     },
@@ -1336,11 +1348,7 @@ 
Method Details

       "fields": [ # The list of fields that make up this struct. Order is significant, because values of this struct type are represented as lists, where the order of field values matches the order of fields in the StructType. In turn, the order of fields matches the order of columns in a read request, or the order of fields in the `SELECT` clause of a query.
         { # Message representing a single field of a struct.
           "name": "A String", # The name of the field. For reads, this is the column name. For SQL queries, it is the column alias (e.g., `"Word"` in the query `"SELECT 'hello' AS Word"`), or the column name (e.g., `"ColName"` in the query `"SELECT ColName FROM Table"`). Some columns might have an empty name (e.g., `"SELECT UPPER(ColName)"`). Note that a query result can contain multiple fields with the same name.
-          "type": { # `Type` indicates the type of a Cloud Spanner value, as might be stored in a table cell or returned from an SQL query. # The type of the field.
-            "arrayElementType": # Object with schema name: Type # If code == ARRAY, then `array_element_type` is the type of the array elements.
-            "code": "A String", # Required. The TypeCode for this type.
-            "structType": # Object with schema name: StructType # If code == STRUCT, then `struct_type` provides type information for the struct's fields.
-          },
+          "type": # Object with schema name: Type # The type of the field.
         },
       ],
     },
diff --git a/docs/dyn/speech_v1.html b/docs/dyn/speech_v1.html
index f97648ff364..f99b8e3bdf2 100644
--- a/docs/dyn/speech_v1.html
+++ b/docs/dyn/speech_v1.html
@@ -79,6 +79,11 @@ 
Instance Methods

 

 
Returns the operations Resource.

 
+

+  projects()
+

+
Returns the projects Resource.

+
 

   speech()
 

diff --git a/docs/dyn/speech_v1.projects.locations.customClasses.html b/docs/dyn/speech_v1.projects.locations.customClasses.html
new file mode 100644
index 00000000000..8d84265cea3
--- /dev/null
+++ b/docs/dyn/speech_v1.projects.locations.customClasses.html
@@ -0,0 +1,273 @@
+
+
+
+
Cloud Speech-to-Text API . projects . locations . customClasses

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  create(parent, body=None, x__xgafv=None)

+
Create a custom class.

+

+  delete(name, x__xgafv=None)

+
Delete a custom class.

+

+  get(name, x__xgafv=None)

+
Get a custom class.

+

+  list(parent, pageSize=None, pageToken=None, x__xgafv=None)

+
List custom classes.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Update a custom class.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    create(parent, body=None, x__xgafv=None)
+  
Create a custom class.
+
+Args:
+  parent: string, Required. The parent resource where this custom class will be created. Format: {api_version}/projects/{project}/locations/{location}/customClasses (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Message sent by the client for the `CreateCustomClass` method.
+  "customClass": { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases. # Required. The custom class to create.
+    "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+    "items": [ # A collection of class items.
+      { # An item of the class.
+        "value": "A String", # The class item's value.
+      },
+    ],
+    "name": "A String", # The resource name of the custom class.
+  },
+  "customClassId": "A String", # Required. The ID to use for the custom class, which will become the final component of the custom class' resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+  "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+  "items": [ # A collection of class items.
+    { # An item of the class.
+      "value": "A String", # The class item's value.
+    },
+  ],
+  "name": "A String", # The resource name of the custom class.
+}

+

+
+

+    delete(name, x__xgafv=None)
+  
Delete a custom class.
+
+Args:
+  name: string, Required. The name of the custom class to delete. Format: {api_version}/projects/{project}/locations/{location}/customClasses/{custom_class} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Get a custom class.
+
+Args:
+  name: string, Required. The name of the custom class to retrieve. Format: {api_version}/projects/{project}/locations/{location}/customClasses/{custom_class} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+  "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+  "items": [ # A collection of class items.
+    { # An item of the class.
+      "value": "A String", # The class item's value.
+    },
+  ],
+  "name": "A String", # The resource name of the custom class.
+}

+

+
+

+    list(parent, pageSize=None, pageToken=None, x__xgafv=None)
+  
List custom classes.
+
+Args:
+  parent: string, Required. The parent, which owns this collection of custom classes. Format: {api_version}/projects/{project}/locations/{location}/customClasses (required)
+  pageSize: integer, The maximum number of custom classes to return. The service may return fewer than this value. If unspecified, at most 50 custom classes will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+  pageToken: string, A page token, received from a previous `ListCustomClass` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCustomClass` must match the call that provided the page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Message returned to the client by the `ListCustomClasses` method.
+  "customClasses": [ # The custom classes.
+    { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+      "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+      "items": [ # A collection of class items.
+        { # An item of the class.
+          "value": "A String", # The class item's value.
+        },
+      ],
+      "name": "A String", # The resource name of the custom class.
+    },
+  ],
+  "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Update a custom class.
+
+Args:
+  name: string, The resource name of the custom class. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+  "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+  "items": [ # A collection of class items.
+    { # An item of the class.
+      "value": "A String", # The class item's value.
+    },
+  ],
+  "name": "A String", # The resource name of the custom class.
+}
+
+  updateMask: string, The list of fields to be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+  "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+  "items": [ # A collection of class items.
+    { # An item of the class.
+      "value": "A String", # The class item's value.
+    },
+  ],
+  "name": "A String", # The resource name of the custom class.
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/speech_v1.projects.locations.html b/docs/dyn/speech_v1.projects.locations.html
index f88e5313414..e92f8ae8d4e 100644
--- a/docs/dyn/speech_v1.projects.locations.html
+++ b/docs/dyn/speech_v1.projects.locations.html
@@ -75,9 +75,14 @@
 
Cloud Speech-to-Text API . projects . locations

 
Instance Methods

 

-  operations()
+  customClasses()
 

-
Returns the operations Resource.

+
Returns the customClasses Resource.

+
+

+  phraseSets()
+

+
Returns the phraseSets Resource.

 
 

   close()

diff --git a/docs/dyn/speech_v1.projects.locations.phraseSets.html b/docs/dyn/speech_v1.projects.locations.phraseSets.html
new file mode 100644
index 00000000000..df16ee78f8d
--- /dev/null
+++ b/docs/dyn/speech_v1.projects.locations.phraseSets.html
@@ -0,0 +1,279 @@
+
+
+
+
Cloud Speech-to-Text API . projects . locations . phraseSets

+
Instance Methods

+

+  close()

+
Close httplib2 connections.

+

+  create(parent, body=None, x__xgafv=None)

+
Create a set of phrase hints. Each item in the set can be a single word or a multi-word phrase. The items in the PhraseSet are favored by the recognition model when you send a call that includes the PhraseSet.

+

+  delete(name, x__xgafv=None)

+
Delete a phrase set.

+

+  get(name, x__xgafv=None)

+
Get a phrase set.

+

+  list(parent, pageSize=None, pageToken=None, x__xgafv=None)

+
List phrase sets.

+

+  list_next(previous_request, previous_response)

+
Retrieves the next page of results.

+

+  patch(name, body=None, updateMask=None, x__xgafv=None)

+
Update a phrase set.

+
Method Details

+

+    close()
+  
Close httplib2 connections.

+

+
+

+    create(parent, body=None, x__xgafv=None)
+  
Create a set of phrase hints. Each item in the set can be a single word or a multi-word phrase. The items in the PhraseSet are favored by the recognition model when you send a call that includes the PhraseSet.
+
+Args:
+  parent: string, Required. The parent resource where this phrase set will be created. Format: {api_version}/projects/{project}/locations/{location}/phraseSets (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Message sent by the client for the `CreatePhraseSet` method.
+  "phraseSet": { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results. # Required. The phrase set to create.
+    "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+    "name": "A String", # The resource name of the phrase set.
+    "phrases": [ # A list of word and phrases.
+      { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+        "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+        "value": "A String", # The phrase itself.
+      },
+    ],
+  },
+  "phraseSetId": "A String", # Required. The ID to use for the phrase set, which will become the final component of the phrase set's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+  "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+  "name": "A String", # The resource name of the phrase set.
+  "phrases": [ # A list of word and phrases.
+    { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "value": "A String", # The phrase itself.
+    },
+  ],
+}

+

+
+

+    delete(name, x__xgafv=None)
+  
Delete a phrase set.
+
+Args:
+  name: string, Required. The name of the phrase set to delete. Format: {api_version}/projects/{project}/locations/{location}/phraseSets/{phrase_set} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}

+

+
+

+    get(name, x__xgafv=None)
+  
Get a phrase set.
+
+Args:
+  name: string, Required. The name of the phrase set to retrieve. Format: {api_version}/projects/{project}/locations/{location}/phraseSets/{phrase_set} (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+  "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+  "name": "A String", # The resource name of the phrase set.
+  "phrases": [ # A list of word and phrases.
+    { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "value": "A String", # The phrase itself.
+    },
+  ],
+}

+

+
+

+    list(parent, pageSize=None, pageToken=None, x__xgafv=None)
+  
List phrase sets.
+
+Args:
+  parent: string, Required. The parent, which owns this collection of phrase set. Format: projects/{project}/locations/{location} (required)
+  pageSize: integer, The maximum number of phrase sets to return. The service may return fewer than this value. If unspecified, at most 50 phrase sets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+  pageToken: string, A page token, received from a previous `ListPhraseSet` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListPhraseSet` must match the call that provided the page token.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Message returned to the client by the `ListPhraseSet` method.
+  "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+  "phraseSets": [ # The phrase set.
+    { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+      "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "name": "A String", # The resource name of the phrase set.
+      "phrases": [ # A list of word and phrases.
+        { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+          "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+          "value": "A String", # The phrase itself.
+        },
+      ],
+    },
+  ],
+}

+

+
+

+    list_next(previous_request, previous_response)
+  
Retrieves the next page of results.
+
+Args:
+  previous_request: The request for the previous page. (required)
+  previous_response: The response from the request for the previous page. (required)
+
+Returns:
+  A request object that you can call 'execute()' on to request the next
+  page. Returns None if there are no more items in the collection.
+    

+

+
+

+    patch(name, body=None, updateMask=None, x__xgafv=None)
+  
Update a phrase set.
+
+Args:
+  name: string, The resource name of the phrase set. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+  "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+  "name": "A String", # The resource name of the phrase set.
+  "phrases": [ # A list of word and phrases.
+    { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "value": "A String", # The phrase itself.
+    },
+  ],
+}
+
+  updateMask: string, The list of fields to be updated.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+  "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+  "name": "A String", # The resource name of the phrase set.
+  "phrases": [ # A list of word and phrases.
+    { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "value": "A String", # The phrase itself.
+    },
+  ],
+}

+

+
+
\ No newline at end of file
diff --git a/docs/dyn/speech_v1.speech.html b/docs/dyn/speech_v1.speech.html
index bd6eacd0c75..700556f7802 100644
--- a/docs/dyn/speech_v1.speech.html
+++ b/docs/dyn/speech_v1.speech.html
@@ -103,6 +103,34 @@ 
Method Details

     "uri": "A String", # URI that points to a file that contains audio data bytes as specified in `RecognitionConfig`. The file must not be compressed (for example, gzip). Currently, only Google Cloud Storage URIs are supported, which must be specified in the following format: `gs://bucket_name/object_name` (other URI formats return google.rpc.Code.INVALID_ARGUMENT). For more information, see [Request URIs](https://cloud.google.com/storage/docs/reference-uris).
   },
   "config": { # Provides information to the recognizer that specifies how to process the request. # Required. Provides information to the recognizer that specifies how to process the request.
+    "adaptation": { # Speech adaptation configuration. # Speech adaptation configuration improves the accuracy of speech recognition. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation. When speech adaptation is set it supersedes the `speech_contexts` field.
+      "customClasses": [ # A collection of custom classes. To specify the classes inline, leave the class' `name` blank and fill in the rest of its fields, giving it a unique `custom_class_id`. Refer to the inline defined class in phrase hints by its `custom_class_id`.
+        { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+          "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+          "items": [ # A collection of class items.
+            { # An item of the class.
+              "value": "A String", # The class item's value.
+            },
+          ],
+          "name": "A String", # The resource name of the custom class.
+        },
+      ],
+      "phraseSetReferences": [ # A collection of phrase set resource names to use.
+        "A String",
+      ],
+      "phraseSets": [ # A collection of phrase sets. To specify the hints inline, leave the phrase set's `name` blank and fill in the rest of its fields. Any phrase set can use any custom class.
+        { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+          "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+          "name": "A String", # The resource name of the phrase set.
+          "phrases": [ # A list of word and phrases.
+            { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+              "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+              "value": "A String", # The phrase itself.
+            },
+          ],
+        },
+      ],
+    },
     "alternativeLanguageCodes": [ # A list of up to 3 additional [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tags, listing possible alternative languages of the supplied audio. See [Language Support](https://cloud.google.com/speech-to-text/docs/languages) for a list of the currently supported language codes. If alternative languages are listed, recognition result will contain recognition in the most likely language detected including the main language_code. The recognition result will include the language tag of the language detected in the audio. Note: This feature is only supported for Voice Command and Voice Search use cases and performance may vary for other use cases (e.g., phone call transcription).
       "A String",
     ],
@@ -137,6 +165,7 @@ 
Method Details

     "sampleRateHertz": 42, # Sample rate in Hertz of the audio data sent in all `RecognitionAudio` messages. Valid values are: 8000-48000. 16000 is optimal. For best results, set the sampling rate of the audio source to 16000 Hz. If that's not possible, use the native sample rate of the audio source (instead of re-sampling). This field is optional for FLAC and WAV audio files, but is required for all other audio formats. For details, see AudioEncoding.
     "speechContexts": [ # Array of SpeechContext. A means to provide context to assist the speech recognition. For more information, see [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation).
       { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+        "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case.
         "phrases": [ # A list of strings containing words and phrases "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also be set to classes for groups of words that represent common concepts that occur in natural language. For example, rather than providing phrase hints for every month of the year, using the $MONTH class improves the likelihood of correctly transcribing audio that includes months.
           "A String",
         ],
@@ -192,6 +221,34 @@ 
Method Details

     "uri": "A String", # URI that points to a file that contains audio data bytes as specified in `RecognitionConfig`. The file must not be compressed (for example, gzip). Currently, only Google Cloud Storage URIs are supported, which must be specified in the following format: `gs://bucket_name/object_name` (other URI formats return google.rpc.Code.INVALID_ARGUMENT). For more information, see [Request URIs](https://cloud.google.com/storage/docs/reference-uris).
   },
   "config": { # Provides information to the recognizer that specifies how to process the request. # Required. Provides information to the recognizer that specifies how to process the request.
+    "adaptation": { # Speech adaptation configuration. # Speech adaptation configuration improves the accuracy of speech recognition. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation. When speech adaptation is set it supersedes the `speech_contexts` field.
+      "customClasses": [ # A collection of custom classes. To specify the classes inline, leave the class' `name` blank and fill in the rest of its fields, giving it a unique `custom_class_id`. Refer to the inline defined class in phrase hints by its `custom_class_id`.
+        { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
+          "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
+          "items": [ # A collection of class items.
+            { # An item of the class.
+              "value": "A String", # The class item's value.
+            },
+          ],
+          "name": "A String", # The resource name of the custom class.
+        },
+      ],
+      "phraseSetReferences": [ # A collection of phrase set resource names to use.
+        "A String",
+      ],
+      "phraseSets": [ # A collection of phrase sets. To specify the hints inline, leave the phrase set's `name` blank and fill in the rest of its fields. Any phrase set can use any custom class.
+        { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+          "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+          "name": "A String", # The resource name of the phrase set.
+          "phrases": [ # A list of word and phrases.
+            { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
+              "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+              "value": "A String", # The phrase itself.
+            },
+          ],
+        },
+      ],
+    },
     "alternativeLanguageCodes": [ # A list of up to 3 additional [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tags, listing possible alternative languages of the supplied audio. See [Language Support](https://cloud.google.com/speech-to-text/docs/languages) for a list of the currently supported language codes. If alternative languages are listed, recognition result will contain recognition in the most likely language detected including the main language_code. The recognition result will include the language tag of the language detected in the audio. Note: This feature is only supported for Voice Command and Voice Search use cases and performance may vary for other use cases (e.g., phone call transcription).
       "A String",
     ],
@@ -226,6 +283,7 @@ 
Method Details

     "sampleRateHertz": 42, # Sample rate in Hertz of the audio data sent in all `RecognitionAudio` messages. Valid values are: 8000-48000. 16000 is optimal. For best results, set the sampling rate of the audio source to 16000 Hz. If that's not possible, use the native sample rate of the audio source (instead of re-sampling). This field is optional for FLAC and WAV audio files, but is required for all other audio formats. For details, see AudioEncoding.
     "speechContexts": [ # Array of SpeechContext. A means to provide context to assist the speech recognition. For more information, see [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation).
       { # Provides "hints" to the speech recognizer to favor specific words and phrases in the results.
+        "boost": 3.14, # Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case.
         "phrases": [ # A list of strings containing words and phrases "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also be set to classes for groups of words that represent common concepts that occur in natural language. For example, rather than providing phrase hints for every month of the year, using the $MONTH class improves the likelihood of correctly transcribing audio that includes months.
           "A String",
         ],
@@ -263,6 +321,7 @@ 
Method Details

       ],
       "channelTag": 42, # For multi-channel audio, this is the channel number corresponding to the recognized result for the audio from that channel. For audio_channel_count = N, its output values can range from '1' to 'N'.
       "languageCode": "A String", # Output only. The [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag of the language in this result. This language code was detected to have the most likelihood of being spoken in the audio.
+      "resultEndTime": "A String", # Time offset of the end of this result relative to the beginning of the audio.
     },
   ],
   "totalBilledTime": "A String", # When available, billed audio seconds for the corresponding request.
diff --git a/docs/dyn/speech_v1p1beta1.projects.locations.phraseSets.html b/docs/dyn/speech_v1p1beta1.projects.locations.phraseSets.html
index bdc0d2dc094..cafc5159841 100644
--- a/docs/dyn/speech_v1p1beta1.projects.locations.phraseSets.html
+++ b/docs/dyn/speech_v1p1beta1.projects.locations.phraseSets.html
@@ -116,7 +116,7 @@ 
Method Details

     "name": "A String", # The resource name of the phrase set.
     "phrases": [ # A list of word and phrases.
       { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-        "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+        "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
         "value": "A String", # The phrase itself.
       },
     ],
@@ -137,7 +137,7 @@ 
Method Details

   "name": "A String", # The resource name of the phrase set.
   "phrases": [ # A list of word and phrases.
     { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
       "value": "A String", # The phrase itself.
     },
   ],
@@ -181,7 +181,7 @@ 
Method Details

   "name": "A String", # The resource name of the phrase set.
   "phrases": [ # A list of word and phrases.
     { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
       "value": "A String", # The phrase itself.
     },
   ],
@@ -212,7 +212,7 @@ 
Method Details

       "name": "A String", # The resource name of the phrase set.
       "phrases": [ # A list of word and phrases.
         { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-          "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+          "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
           "value": "A String", # The phrase itself.
         },
       ],
@@ -249,7 +249,7 @@ 
Method Details

   "name": "A String", # The resource name of the phrase set.
   "phrases": [ # A list of word and phrases.
     { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
       "value": "A String", # The phrase itself.
     },
   ],
@@ -269,7 +269,7 @@ 
Method Details

   "name": "A String", # The resource name of the phrase set.
   "phrases": [ # A list of word and phrases.
     { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+      "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
       "value": "A String", # The phrase itself.
     },
   ],
diff --git a/docs/dyn/speech_v1p1beta1.speech.html b/docs/dyn/speech_v1p1beta1.speech.html
index 6a2316ecf90..bb77766a18b 100644
--- a/docs/dyn/speech_v1p1beta1.speech.html
+++ b/docs/dyn/speech_v1p1beta1.speech.html
@@ -103,7 +103,7 @@ 
Method Details

     "uri": "A String", # URI that points to a file that contains audio data bytes as specified in `RecognitionConfig`. The file must not be compressed (for example, gzip). Currently, only Google Cloud Storage URIs are supported, which must be specified in the following format: `gs://bucket_name/object_name` (other URI formats return google.rpc.Code.INVALID_ARGUMENT). For more information, see [Request URIs](https://cloud.google.com/storage/docs/reference-uris).
   },
   "config": { # Provides information to the recognizer that specifies how to process the request. # Required. Provides information to the recognizer that specifies how to process the request.
-    "adaptation": { # Speech adaptation configuration. # Speech adaptation configuration improves the accuracy of speech recognition. When speech adaptation is set it supersedes the `speech_contexts` field. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation.
+    "adaptation": { # Speech adaptation configuration. # Speech adaptation configuration improves the accuracy of speech recognition. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation. When speech adaptation is set it supersedes the `speech_contexts` field.
       "customClasses": [ # A collection of custom classes. To specify the classes inline, leave the class' `name` blank and fill in the rest of its fields, giving it a unique `custom_class_id`. Refer to the inline defined class in phrase hints by its `custom_class_id`.
         { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
           "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
@@ -124,7 +124,7 @@ 
Method Details

           "name": "A String", # The resource name of the phrase set.
           "phrases": [ # A list of word and phrases.
             { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-              "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+              "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
               "value": "A String", # The phrase itself.
             },
           ],
@@ -233,7 +233,7 @@ 
Method Details

     "uri": "A String", # URI that points to a file that contains audio data bytes as specified in `RecognitionConfig`. The file must not be compressed (for example, gzip). Currently, only Google Cloud Storage URIs are supported, which must be specified in the following format: `gs://bucket_name/object_name` (other URI formats return google.rpc.Code.INVALID_ARGUMENT). For more information, see [Request URIs](https://cloud.google.com/storage/docs/reference-uris).
   },
   "config": { # Provides information to the recognizer that specifies how to process the request. # Required. Provides information to the recognizer that specifies how to process the request.
-    "adaptation": { # Speech adaptation configuration. # Speech adaptation configuration improves the accuracy of speech recognition. When speech adaptation is set it supersedes the `speech_contexts` field. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation.
+    "adaptation": { # Speech adaptation configuration. # Speech adaptation configuration improves the accuracy of speech recognition. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation. When speech adaptation is set it supersedes the `speech_contexts` field.
       "customClasses": [ # A collection of custom classes. To specify the classes inline, leave the class' `name` blank and fill in the rest of its fields, giving it a unique `custom_class_id`. Refer to the inline defined class in phrase hints by its `custom_class_id`.
         { # A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.
           "customClassId": "A String", # If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.
@@ -254,7 +254,7 @@ 
Method Details

           "name": "A String", # The resource name of the phrase set.
           "phrases": [ # A list of word and phrases.
             { # A phrases containing words and phrase "hints" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. "i was born in january", "i was born in febuary", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. "i was born in $month"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. "${my-months}". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).
-              "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
+              "boost": 3.14, # Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.
               "value": "A String", # The phrase itself.
             },
           ],
@@ -345,6 +345,7 @@ 
Method Details

       ],
       "channelTag": 42, # For multi-channel audio, this is the channel number corresponding to the recognized result for the audio from that channel. For audio_channel_count = N, its output values can range from '1' to 'N'.
       "languageCode": "A String", # Output only. The [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag of the language in this result. This language code was detected to have the most likelihood of being spoken in the audio.
+      "resultEndTime": "A String", # Time offset of the end of this result relative to the beginning of the audio.
     },
   ],
   "totalBilledTime": "A String", # When available, billed audio seconds for the corresponding request.
diff --git a/docs/dyn/sqladmin_v1.backupRuns.html b/docs/dyn/sqladmin_v1.backupRuns.html
index 2b2a1e7bfe4..d6cc0d7c06f 100644
--- a/docs/dyn/sqladmin_v1.backupRuns.html
+++ b/docs/dyn/sqladmin_v1.backupRuns.html
@@ -138,15 +138,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -185,7 +185,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -310,15 +310,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -357,7 +357,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1.databases.html b/docs/dyn/sqladmin_v1.databases.html
index 7a8c0f867e6..298e9eff64d 100644
--- a/docs/dyn/sqladmin_v1.databases.html
+++ b/docs/dyn/sqladmin_v1.databases.html
@@ -141,15 +141,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -188,7 +188,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -285,15 +285,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -332,7 +332,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -434,15 +434,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -481,7 +481,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -547,15 +547,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -594,7 +594,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1.instances.html b/docs/dyn/sqladmin_v1.instances.html
index 5855bbe970b..0c0d47ba7ce 100644
--- a/docs/dyn/sqladmin_v1.instances.html
+++ b/docs/dyn/sqladmin_v1.instances.html
@@ -183,15 +183,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -230,7 +230,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -294,15 +294,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -341,7 +341,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -393,15 +393,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -440,7 +440,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -510,15 +510,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -557,7 +557,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -584,15 +584,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -635,15 +635,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -682,7 +682,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -739,15 +739,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -786,7 +786,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -814,6 +814,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -829,7 +830,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -955,7 +956,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -981,6 +982,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1071,15 +1079,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -1118,7 +1126,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -1140,6 +1148,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -1155,7 +1164,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -1281,7 +1290,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -1307,6 +1316,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1359,15 +1375,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -1406,7 +1422,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -1438,6 +1454,7 @@ 
Method Details

       "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
       "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
       "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+      "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
       "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
       "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
         "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -1453,7 +1470,7 @@ 
Method Details

         "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
       },
       "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-      "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+      "instanceType": "A String", # The instance type.
       "ipAddresses": [ # The assigned IP addresses for the instance.
         { # Database instance IP Mapping.
           "ipAddress": "A String", # The IP address assigned.
@@ -1579,7 +1596,7 @@ 
Method Details

           "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
         },
         "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-          "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+          "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
           "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
             { # An entry for an Access Control list.
               "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -1605,6 +1622,13 @@ 
Method Details

           "kind": "A String", # This is always **sql#maintenanceWindow**.
           "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
         },
+        "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+          "complexity": "A String", # The complexity of the password.
+          "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+          "minLength": 42, # Minimum number of characters allowed.
+          "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+          "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+        },
         "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
         "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
         "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1700,6 +1724,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -1715,7 +1740,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -1841,7 +1866,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -1867,6 +1892,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1919,15 +1951,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -1966,7 +1998,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2013,15 +2045,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2060,7 +2092,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2107,15 +2139,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2154,7 +2186,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2201,15 +2233,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2248,7 +2280,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2307,15 +2339,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2354,7 +2386,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2411,15 +2443,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2458,7 +2490,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2505,15 +2537,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2552,7 +2584,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2599,15 +2631,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2646,7 +2678,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2703,15 +2735,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2750,7 +2782,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2773,6 +2805,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -2788,7 +2821,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -2914,7 +2947,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -2940,6 +2973,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -2992,15 +3032,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -3039,7 +3079,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1.operations.html b/docs/dyn/sqladmin_v1.operations.html
index 1d2301a2cbc..debc89c455b 100644
--- a/docs/dyn/sqladmin_v1.operations.html
+++ b/docs/dyn/sqladmin_v1.operations.html
@@ -131,15 +131,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -178,7 +178,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -229,15 +229,15 @@ 
Method Details

           "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
           "selectQuery": "A String", # The select query used to extract the data.
         },
-        "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+        "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
           "A String",
         ],
-        "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+        "fileType": "A String", # The file type for the specified uri.
         "kind": "A String", # This is always **sql#exportContext**.
         "offload": True or False, # Option for export offload.
         "sqlExportOptions": { # Options for exporting data as SQL statements.
           "mysqlExportOptions": { # Options for exporting from MySQL.
-            "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+            "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
           },
           "schemaOnly": True or False, # Export only schemas.
           "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -276,7 +276,7 @@ 
Method Details

       "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
       "selfLink": "A String", # The URI of this resource.
       "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-      "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+      "status": "A String", # The status of an operation.
       "targetId": "A String", # Name of the database instance related to this operation.
       "targetLink": "A String",
       "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1.projects.instances.html b/docs/dyn/sqladmin_v1.projects.instances.html
index 1939e617522..95333845286 100644
--- a/docs/dyn/sqladmin_v1.projects.instances.html
+++ b/docs/dyn/sqladmin_v1.projects.instances.html
@@ -141,15 +141,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -188,7 +188,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -251,15 +251,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -298,7 +298,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1.sslCerts.html b/docs/dyn/sqladmin_v1.sslCerts.html
index c7b6d779494..82931803cfb 100644
--- a/docs/dyn/sqladmin_v1.sslCerts.html
+++ b/docs/dyn/sqladmin_v1.sslCerts.html
@@ -174,15 +174,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -221,7 +221,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -320,15 +320,15 @@ 
Method Details

         "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
         "selectQuery": "A String", # The select query used to extract the data.
       },
-      "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+      "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
         "A String",
       ],
-      "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+      "fileType": "A String", # The file type for the specified uri.
       "kind": "A String", # This is always **sql#exportContext**.
       "offload": True or False, # Option for export offload.
       "sqlExportOptions": { # Options for exporting data as SQL statements.
         "mysqlExportOptions": { # Options for exporting from MySQL.
-          "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+          "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
         },
         "schemaOnly": True or False, # Export only schemas.
         "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -367,7 +367,7 @@ 
Method Details

     "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
     "selfLink": "A String", # The URI of this resource.
     "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-    "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+    "status": "A String", # The status of an operation.
     "targetId": "A String", # Name of the database instance related to this operation.
     "targetLink": "A String",
     "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1.users.html b/docs/dyn/sqladmin_v1.users.html
index 80276132ac4..24fbeb59e04 100644
--- a/docs/dyn/sqladmin_v1.users.html
+++ b/docs/dyn/sqladmin_v1.users.html
@@ -136,15 +136,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -183,7 +183,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -203,11 +203,20 @@ 
Method Details

 
 { # A Cloud SQL user resource.
   "etag": "A String", # This field is deprecated and will be removed from a future version of the API.
-  "host": "A String", # The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+  "host": "A String", # Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.
   "instance": "A String", # The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for **update** since it is already specified on the URL.
   "kind": "A String", # This is always **sql#user**.
   "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.
   "password": "A String", # The password for the user.
+  "passwordPolicy": { # User level password validation policy. # User level password validation policy.
+    "allowedFailedAttempts": 42, # Number of failed login attempts allowed before user get locked.
+    "enableFailedAttemptsCheck": True or False, # If true, failed login attempts check will be enabled.
+    "passwordExpirationDuration": "A String", # Expiration duration after password is updated.
+    "status": { # Read-only password status. # Output only. Read-only password status.
+      "locked": True or False, # If true, user does not have login privileges.
+      "passwordExpirationTime": "A String", # The expiration time of the current password.
+    },
+  },
   "project": "A String", # The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for **update** since it is already specified on the URL.
   "sqlserverUserDetails": { # Represents a Sql Server user on the Cloud SQL instance.
     "disabled": True or False, # If the user has been disabled
@@ -250,15 +259,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -297,7 +306,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -324,11 +333,20 @@ 
Method Details

   "items": [ # List of user resources in the instance.
     { # A Cloud SQL user resource.
       "etag": "A String", # This field is deprecated and will be removed from a future version of the API.
-      "host": "A String", # The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+      "host": "A String", # Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.
       "instance": "A String", # The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for **update** since it is already specified on the URL.
       "kind": "A String", # This is always **sql#user**.
       "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.
       "password": "A String", # The password for the user.
+      "passwordPolicy": { # User level password validation policy. # User level password validation policy.
+        "allowedFailedAttempts": 42, # Number of failed login attempts allowed before user get locked.
+        "enableFailedAttemptsCheck": True or False, # If true, failed login attempts check will be enabled.
+        "passwordExpirationDuration": "A String", # Expiration duration after password is updated.
+        "status": { # Read-only password status. # Output only. Read-only password status.
+          "locked": True or False, # If true, user does not have login privileges.
+          "passwordExpirationTime": "A String", # The expiration time of the current password.
+        },
+      },
       "project": "A String", # The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for **update** since it is already specified on the URL.
       "sqlserverUserDetails": { # Represents a Sql Server user on the Cloud SQL instance.
         "disabled": True or False, # If the user has been disabled
@@ -356,11 +374,20 @@ 
Method Details

 
 { # A Cloud SQL user resource.
   "etag": "A String", # This field is deprecated and will be removed from a future version of the API.
-  "host": "A String", # The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+  "host": "A String", # Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.
   "instance": "A String", # The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for **update** since it is already specified on the URL.
   "kind": "A String", # This is always **sql#user**.
   "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.
   "password": "A String", # The password for the user.
+  "passwordPolicy": { # User level password validation policy. # User level password validation policy.
+    "allowedFailedAttempts": 42, # Number of failed login attempts allowed before user get locked.
+    "enableFailedAttemptsCheck": True or False, # If true, failed login attempts check will be enabled.
+    "passwordExpirationDuration": "A String", # Expiration duration after password is updated.
+    "status": { # Read-only password status. # Output only. Read-only password status.
+      "locked": True or False, # If true, user does not have login privileges.
+      "passwordExpirationTime": "A String", # The expiration time of the current password.
+    },
+  },
   "project": "A String", # The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for **update** since it is already specified on the URL.
   "sqlserverUserDetails": { # Represents a Sql Server user on the Cloud SQL instance.
     "disabled": True or False, # If the user has been disabled
@@ -405,15 +432,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -452,7 +479,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.backupRuns.html b/docs/dyn/sqladmin_v1beta4.backupRuns.html
index 2b54ab10817..158bf898c9b 100644
--- a/docs/dyn/sqladmin_v1beta4.backupRuns.html
+++ b/docs/dyn/sqladmin_v1beta4.backupRuns.html
@@ -138,15 +138,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -185,7 +185,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -310,15 +310,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -357,7 +357,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.databases.html b/docs/dyn/sqladmin_v1beta4.databases.html
index 81c939f38a7..be2c60a3a22 100644
--- a/docs/dyn/sqladmin_v1beta4.databases.html
+++ b/docs/dyn/sqladmin_v1beta4.databases.html
@@ -141,15 +141,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -188,7 +188,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -285,15 +285,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -332,7 +332,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -434,15 +434,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -481,7 +481,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -547,15 +547,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -594,7 +594,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.instances.html b/docs/dyn/sqladmin_v1beta4.instances.html
index 11bd57c233f..db4dec76ce2 100644
--- a/docs/dyn/sqladmin_v1beta4.instances.html
+++ b/docs/dyn/sqladmin_v1beta4.instances.html
@@ -183,15 +183,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -230,7 +230,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -294,15 +294,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -341,7 +341,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -393,15 +393,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -440,7 +440,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -510,15 +510,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -557,7 +557,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -584,15 +584,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -635,15 +635,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -682,7 +682,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -739,15 +739,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -786,7 +786,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -814,6 +814,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -829,7 +830,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -955,7 +956,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -981,6 +982,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1071,15 +1079,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -1118,7 +1126,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -1140,6 +1148,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -1155,7 +1164,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -1281,7 +1290,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -1307,6 +1316,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1359,15 +1375,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -1406,7 +1422,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -1438,6 +1454,7 @@ 
Method Details

       "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
       "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
       "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+      "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
       "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
       "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
         "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -1453,7 +1470,7 @@ 
Method Details

         "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
       },
       "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-      "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+      "instanceType": "A String", # The instance type.
       "ipAddresses": [ # The assigned IP addresses for the instance.
         { # Database instance IP Mapping.
           "ipAddress": "A String", # The IP address assigned.
@@ -1579,7 +1596,7 @@ 
Method Details

           "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
         },
         "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-          "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+          "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
           "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
             { # An entry for an Access Control list.
               "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -1605,6 +1622,13 @@ 
Method Details

           "kind": "A String", # This is always **sql#maintenanceWindow**.
           "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
         },
+        "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+          "complexity": "A String", # The complexity of the password.
+          "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+          "minLength": 42, # Minimum number of characters allowed.
+          "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+          "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+        },
         "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
         "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
         "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1700,6 +1724,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -1715,7 +1740,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -1841,7 +1866,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -1867,6 +1892,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -1919,15 +1951,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -1966,7 +1998,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2013,15 +2045,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2060,7 +2092,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2107,15 +2139,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2154,7 +2186,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2201,15 +2233,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2248,7 +2280,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2307,15 +2339,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2354,7 +2386,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2411,15 +2443,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2458,7 +2490,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2505,15 +2537,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2552,7 +2584,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2599,15 +2631,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2646,7 +2678,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2703,15 +2735,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -2750,7 +2782,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -2773,6 +2805,7 @@ 
Method Details

   "connectionName": "A String", # Connection name of the Cloud SQL instance used in connection strings.
   "createTime": "A String", # Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
   "currentDiskSize": "A String", # The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details.
+  "databaseInstalledVersion": "A String", # Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50
   "databaseVersion": "A String", # The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.
   "diskEncryptionConfiguration": { # Disk encryption configuration for an instance. # Disk encryption configuration specific to an instance.
     "kind": "A String", # This is always **sql#diskEncryptionConfiguration**.
@@ -2788,7 +2821,7 @@ 
Method Details

     "name": "A String", # The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID.
   },
   "gceZone": "A String", # The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-  "instanceType": "A String", # The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.
+  "instanceType": "A String", # The instance type.
   "ipAddresses": [ # The assigned IP addresses for the instance.
     { # Database instance IP Mapping.
       "ipAddress": "A String", # The IP address assigned.
@@ -2914,7 +2947,7 @@ 
Method Details

       "recordClientAddress": True or False, # Whether Query Insights will record client address when enabled.
     },
     "ipConfiguration": { # IP Management configuration. # The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
-      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.
+      "allocatedIpRange": "A String", # The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`
       "authorizedNetworks": [ # The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: **192.168.100.0/24**).
         { # An entry for an Access Control list.
           "expirationTime": "A String", # The time when this access control entry expires in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
@@ -2940,6 +2973,13 @@ 
Method Details

       "kind": "A String", # This is always **sql#maintenanceWindow**.
       "updateTrack": "A String", # Maintenance timing setting: **canary** (Earlier) or **stable** (Later). [Learn more](https://cloud.google.com/sql/docs/mysql/instance-settings#maintenance-timing-2ndgen).
     },
+    "passwordValidationPolicy": { # Database instance local user password validation policy # The local user password validation policy of the instance.
+      "complexity": "A String", # The complexity of the password.
+      "disallowUsernameSubstring": True or False, # Disallow username as a part of the password.
+      "minLength": 42, # Minimum number of characters allowed.
+      "passwordChangeInterval": "A String", # Minimum interval after which the password can be changed.
+      "reuseInterval": 42, # Number of previous passwords that cannot be reused.
+    },
     "pricingPlan": "A String", # The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.
     "replicationType": "A String", # The type of replication this instance uses. This can be either **ASYNCHRONOUS** or **SYNCHRONOUS**. (Deprecated) This property was only applicable to First Generation instances.
     "settingsVersion": "A String", # The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
@@ -2992,15 +3032,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -3039,7 +3079,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.operations.html b/docs/dyn/sqladmin_v1beta4.operations.html
index b15cf475751..882c0377b7f 100644
--- a/docs/dyn/sqladmin_v1beta4.operations.html
+++ b/docs/dyn/sqladmin_v1beta4.operations.html
@@ -131,15 +131,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -178,7 +178,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -229,15 +229,15 @@ 
Method Details

           "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
           "selectQuery": "A String", # The select query used to extract the data.
         },
-        "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+        "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
           "A String",
         ],
-        "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+        "fileType": "A String", # The file type for the specified uri.
         "kind": "A String", # This is always **sql#exportContext**.
         "offload": True or False, # Option for export offload.
         "sqlExportOptions": { # Options for exporting data as SQL statements.
           "mysqlExportOptions": { # Options for exporting from MySQL.
-            "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+            "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
           },
           "schemaOnly": True or False, # Export only schemas.
           "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -276,7 +276,7 @@ 
Method Details

       "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
       "selfLink": "A String", # The URI of this resource.
       "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-      "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+      "status": "A String", # The status of an operation.
       "targetId": "A String", # Name of the database instance related to this operation.
       "targetLink": "A String",
       "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.projects.instances.html b/docs/dyn/sqladmin_v1beta4.projects.instances.html
index 3322f9937f1..edd5324aa82 100644
--- a/docs/dyn/sqladmin_v1beta4.projects.instances.html
+++ b/docs/dyn/sqladmin_v1beta4.projects.instances.html
@@ -141,15 +141,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -188,7 +188,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -251,15 +251,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -298,7 +298,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.sslCerts.html b/docs/dyn/sqladmin_v1beta4.sslCerts.html
index a380338354d..f9f481dcfca 100644
--- a/docs/dyn/sqladmin_v1beta4.sslCerts.html
+++ b/docs/dyn/sqladmin_v1beta4.sslCerts.html
@@ -174,15 +174,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -221,7 +221,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -320,15 +320,15 @@ 
Method Details

         "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
         "selectQuery": "A String", # The select query used to extract the data.
       },
-      "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+      "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
         "A String",
       ],
-      "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+      "fileType": "A String", # The file type for the specified uri.
       "kind": "A String", # This is always **sql#exportContext**.
       "offload": True or False, # Option for export offload.
       "sqlExportOptions": { # Options for exporting data as SQL statements.
         "mysqlExportOptions": { # Options for exporting from MySQL.
-          "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+          "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
         },
         "schemaOnly": True or False, # Export only schemas.
         "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -367,7 +367,7 @@ 
Method Details

     "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
     "selfLink": "A String", # The URI of this resource.
     "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-    "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+    "status": "A String", # The status of an operation.
     "targetId": "A String", # Name of the database instance related to this operation.
     "targetLink": "A String",
     "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/sqladmin_v1beta4.users.html b/docs/dyn/sqladmin_v1beta4.users.html
index 80bd7de9677..18317c2af76 100644
--- a/docs/dyn/sqladmin_v1beta4.users.html
+++ b/docs/dyn/sqladmin_v1beta4.users.html
@@ -136,15 +136,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -183,7 +183,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -203,11 +203,20 @@ 
Method Details

 
 { # A Cloud SQL user resource.
   "etag": "A String", # This field is deprecated and will be removed from a future version of the API.
-  "host": "A String", # The host name from which the user can connect. For *insert* operations, host defaults to an empty string. For *update* operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+  "host": "A String", # Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.
   "instance": "A String", # The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for *update* since it is already specified on the URL.
   "kind": "A String", # This is always *sql#user*.
-  "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for *update* since it is already specified in the URL.
+  "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.
   "password": "A String", # The password for the user.
+  "passwordPolicy": { # User level password validation policy. # User level password validation policy.
+    "allowedFailedAttempts": 42, # Number of failed login attempts allowed before user get locked.
+    "enableFailedAttemptsCheck": True or False, # If true, failed login attempts check will be enabled.
+    "passwordExpirationDuration": "A String", # Expiration duration after password is updated.
+    "status": { # Read-only password status. # Output only. Read-only password status.
+      "locked": True or False, # If true, user does not have login privileges.
+      "passwordExpirationTime": "A String", # The expiration time of the current password.
+    },
+  },
   "project": "A String", # The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for *update* since it is already specified on the URL.
   "sqlserverUserDetails": { # Represents a Sql Server user on the Cloud SQL instance.
     "disabled": True or False, # If the user has been disabled
@@ -250,15 +259,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -297,7 +306,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
@@ -324,11 +333,20 @@ 
Method Details

   "items": [ # List of user resources in the instance.
     { # A Cloud SQL user resource.
       "etag": "A String", # This field is deprecated and will be removed from a future version of the API.
-      "host": "A String", # The host name from which the user can connect. For *insert* operations, host defaults to an empty string. For *update* operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+      "host": "A String", # Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.
       "instance": "A String", # The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for *update* since it is already specified on the URL.
       "kind": "A String", # This is always *sql#user*.
-      "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for *update* since it is already specified in the URL.
+      "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.
       "password": "A String", # The password for the user.
+      "passwordPolicy": { # User level password validation policy. # User level password validation policy.
+        "allowedFailedAttempts": 42, # Number of failed login attempts allowed before user get locked.
+        "enableFailedAttemptsCheck": True or False, # If true, failed login attempts check will be enabled.
+        "passwordExpirationDuration": "A String", # Expiration duration after password is updated.
+        "status": { # Read-only password status. # Output only. Read-only password status.
+          "locked": True or False, # If true, user does not have login privileges.
+          "passwordExpirationTime": "A String", # The expiration time of the current password.
+        },
+      },
       "project": "A String", # The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for *update* since it is already specified on the URL.
       "sqlserverUserDetails": { # Represents a Sql Server user on the Cloud SQL instance.
         "disabled": True or False, # If the user has been disabled
@@ -356,11 +374,20 @@ 
Method Details

 
 { # A Cloud SQL user resource.
   "etag": "A String", # This field is deprecated and will be removed from a future version of the API.
-  "host": "A String", # The host name from which the user can connect. For *insert* operations, host defaults to an empty string. For *update* operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+  "host": "A String", # Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.
   "instance": "A String", # The name of the Cloud SQL instance. This does not include the project ID. Can be omitted for *update* since it is already specified on the URL.
   "kind": "A String", # This is always *sql#user*.
-  "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for *update* since it is already specified in the URL.
+  "name": "A String", # The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.
   "password": "A String", # The password for the user.
+  "passwordPolicy": { # User level password validation policy. # User level password validation policy.
+    "allowedFailedAttempts": 42, # Number of failed login attempts allowed before user get locked.
+    "enableFailedAttemptsCheck": True or False, # If true, failed login attempts check will be enabled.
+    "passwordExpirationDuration": "A String", # Expiration duration after password is updated.
+    "status": { # Read-only password status. # Output only. Read-only password status.
+      "locked": True or False, # If true, user does not have login privileges.
+      "passwordExpirationTime": "A String", # The expiration time of the current password.
+    },
+  },
   "project": "A String", # The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for *update* since it is already specified on the URL.
   "sqlserverUserDetails": { # Represents a Sql Server user on the Cloud SQL instance.
     "disabled": True or False, # If the user has been disabled
@@ -405,15 +432,15 @@ 
Method Details

       "quoteCharacter": "A String", # Specifies the quoting character to be used when a data value is quoted.
       "selectQuery": "A String", # The select query used to extract the data.
     },
-    "databases": [ # Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
+    "databases": [ # Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.
       "A String",
     ],
-    "fileType": "A String", # The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.
+    "fileType": "A String", # The file type for the specified uri.
     "kind": "A String", # This is always **sql#exportContext**.
     "offload": True or False, # Option for export offload.
     "sqlExportOptions": { # Options for exporting data as SQL statements.
       "mysqlExportOptions": { # Options for exporting from MySQL.
-        "masterData": 42, # Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.
+        "masterData": 42, # Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.
       },
       "schemaOnly": True or False, # Export only schemas.
       "tables": [ # Tables to export, or that were exported, from the specified database. If you specify tables, specify one and only one database. For PostgreSQL instances, you can specify only one table.
@@ -452,7 +479,7 @@ 
Method Details

   "operationType": "A String", # The type of the operation. Valid values are: * **CREATE** * **DELETE** * **UPDATE** * **RESTART** * **IMPORT** * **EXPORT** * **BACKUP_VOLUME** * **RESTORE_VOLUME** * **CREATE_USER** * **DELETE_USER** * **CREATE_DATABASE** * **DELETE_DATABASE**
   "selfLink": "A String", # The URI of this resource.
   "startTime": "A String", # The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example **2012-11-15T16:19:00.094Z**.
-  "status": "A String", # The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**
+  "status": "A String", # The status of an operation.
   "targetId": "A String", # Name of the database instance related to this operation.
   "targetLink": "A String",
   "targetProject": "A String", # The project ID of the target instance related to this operation.
diff --git a/docs/dyn/streetviewpublish_v1.photos.html b/docs/dyn/streetviewpublish_v1.photos.html
index 9448bd07049..04509782e28 100644
--- a/docs/dyn/streetviewpublish_v1.photos.html
+++ b/docs/dyn/streetviewpublish_v1.photos.html
@@ -135,7 +135,7 @@ 
Method Details

   
Gets the metadata of the specified Photo batch. Note that if BatchGetPhotos fails, either critical fields are missing or there is an authentication error. Even if BatchGetPhotos succeeds, individual photos in the batch may have failures. These failures are specified in each PhotoResponse.status in BatchGetPhotosResponse.results. See GetPhoto for specific failures that can occur per photo.
 
 Args:
-  languageCode: string, The BCP-47 language code, such as "en-US" or "sr-Latn". For more information, see http://www.unicode.org/reports/tr35/#Unicode_locale_identifier. If language_code is unspecified, the user's language preference for Google services is used.
+  languageCode: string, Optional. The BCP-47 language code, such as "en-US" or "sr-Latn". For more information, see http://www.unicode.org/reports/tr35/#Unicode_locale_identifier. If language_code is unspecified, the user's language preference for Google services is used.
   photoIds: string, Required. IDs of the Photos. For HTTP GET requests, the URL query parameter should be `photoIds=&photoIds=&...`. (repeated)
   view: string, Required. Specifies if a download URL for the photo bytes should be returned in the Photo response.
     Allowed values
diff --git a/docs/dyn/sts_v1.v1.html b/docs/dyn/sts_v1.v1.html
index 0ddf0a075bc..424a8263691 100644
--- a/docs/dyn/sts_v1.v1.html
+++ b/docs/dyn/sts_v1.v1.html
@@ -82,7 +82,7 @@ 
Instance Methods

 
Gets information about a Google OAuth 2.0 access token issued by the Google Cloud [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

 

   token(body=None, x__xgafv=None)

-
Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within a workload identity pool, or it applies a Credential Access Boundary to a Google access token. When you call this method, do not send the `Authorization` HTTP header in the request. This method does not require the `Authorization` header, and using the header can cause the request to fail.

+
Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within an identity pool, or it applies a Credential Access Boundary to a Google access token. When you call this method, do not send the `Authorization` HTTP header in the request. This method does not require the `Authorization` header, and using the header can cause the request to fail.

 
Method Details

 

     close()
@@ -124,7 +124,7 @@ 
Method Details

 
 

     token(body=None, x__xgafv=None)
-  
Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within a workload identity pool, or it applies a Credential Access Boundary to a Google access token. When you call this method, do not send the `Authorization` HTTP header in the request. This method does not require the `Authorization` header, and using the header can cause the request to fail.
+  
Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within an identity pool, or it applies a Credential Access Boundary to a Google access token. When you call this method, do not send the `Authorization` HTTP header in the request. This method does not require the `Authorization` header, and using the header can cause the request to fail.
 
 Args:
   body: object, The request body.
diff --git a/docs/dyn/texttospeech_v1.voices.html b/docs/dyn/texttospeech_v1.voices.html
index 043c6c9f56f..ba9011e547a 100644
--- a/docs/dyn/texttospeech_v1.voices.html
+++ b/docs/dyn/texttospeech_v1.voices.html
@@ -91,7 +91,7 @@ 
Method Details

   
Returns a list of Voice supported for synthesis.
 
 Args:
-  languageCode: string, Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying "en-NZ", you will get supported "en-NZ" voices; when specifying "no", you will get supported "no-\*" (Norwegian) and "nb-\*" (Norwegian Bokmal) voices; specifying "zh" will also get supported "cmn-\*" voices; specifying "zh-hk" will also get supported "yue-hk" voices.
+  languageCode: string, Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying `"en-NZ"`, you will get supported `"en-NZ"` voices; when specifying `"no"`, you will get supported `"no-\*"` (Norwegian) and `"nb-\*"` (Norwegian Bokmal) voices; specifying `"zh"` will also get supported `"cmn-\*"` voices; specifying `"zh-hk"` will also get supported `"yue-hk"` voices.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/texttospeech_v1beta1.voices.html b/docs/dyn/texttospeech_v1beta1.voices.html
index bf21565d173..577780795ef 100644
--- a/docs/dyn/texttospeech_v1beta1.voices.html
+++ b/docs/dyn/texttospeech_v1beta1.voices.html
@@ -91,7 +91,7 @@ 
Method Details

   
Returns a list of Voice supported for synthesis.
 
 Args:
-  languageCode: string, Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying "en-NZ", you will get supported "en-NZ" voices; when specifying "no", you will get supported "no-\*" (Norwegian) and "nb-\*" (Norwegian Bokmal) voices; specifying "zh" will also get supported "cmn-\*" voices; specifying "zh-hk" will also get supported "yue-hk" voices.
+  languageCode: string, Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying `"en-NZ"`, you will get supported `"en-NZ"` voices; when specifying `"no"`, you will get supported `"no-\*"` (Norwegian) and `"nb-\*"` (Norwegian Bokmal) voices; specifying `"zh"` will also get supported `"cmn-\*"` voices; specifying `"zh-hk"` will also get supported `"yue-hk"` voices.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
diff --git a/docs/dyn/tpu_v2alpha1.projects.locations.nodes.html b/docs/dyn/tpu_v2alpha1.projects.locations.nodes.html
index 01c80d30adc..5cfebfb8bad 100644
--- a/docs/dyn/tpu_v2alpha1.projects.locations.nodes.html
+++ b/docs/dyn/tpu_v2alpha1.projects.locations.nodes.html
@@ -142,6 +142,7 @@ 
Method Details

   },
   "name": "A String", # Output only. Immutable. The name of the TPU.
   "networkConfig": { # Network related configurations. # Network configurations for the TPU node.
+    "canIpForward": True or False, # Allows the TPU node to send and receive packets with non-matching destination or source IPs. This is required if you plan to use the TPU workers to forward routes.
     "enableExternalIps": True or False, # Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled.
     "network": "A String", # The name of the network for the TPU node. It must be a preexisting Google Compute Engine network. If none is provided, "default" will be used.
     "subnetwork": "A String", # The name of the subnetwork for the TPU node. It must be a preexisting Google Compute Engine subnetwork. If none is provided, "default" will be used.
@@ -282,6 +283,7 @@ 
Method Details

   },
   "name": "A String", # Output only. Immutable. The name of the TPU.
   "networkConfig": { # Network related configurations. # Network configurations for the TPU node.
+    "canIpForward": True or False, # Allows the TPU node to send and receive packets with non-matching destination or source IPs. This is required if you plan to use the TPU workers to forward routes.
     "enableExternalIps": True or False, # Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled.
     "network": "A String", # The name of the network for the TPU node. It must be a preexisting Google Compute Engine network. If none is provided, "default" will be used.
     "subnetwork": "A String", # The name of the subnetwork for the TPU node. It must be a preexisting Google Compute Engine subnetwork. If none is provided, "default" will be used.
@@ -405,6 +407,7 @@ 
Method Details

       },
       "name": "A String", # Output only. Immutable. The name of the TPU.
       "networkConfig": { # Network related configurations. # Network configurations for the TPU node.
+        "canIpForward": True or False, # Allows the TPU node to send and receive packets with non-matching destination or source IPs. This is required if you plan to use the TPU workers to forward routes.
         "enableExternalIps": True or False, # Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled.
         "network": "A String", # The name of the network for the TPU node. It must be a preexisting Google Compute Engine network. If none is provided, "default" will be used.
         "subnetwork": "A String", # The name of the subnetwork for the TPU node. It must be a preexisting Google Compute Engine subnetwork. If none is provided, "default" will be used.
@@ -495,6 +498,7 @@ 
Method Details

   },
   "name": "A String", # Output only. Immutable. The name of the TPU.
   "networkConfig": { # Network related configurations. # Network configurations for the TPU node.
+    "canIpForward": True or False, # Allows the TPU node to send and receive packets with non-matching destination or source IPs. This is required if you plan to use the TPU workers to forward routes.
     "enableExternalIps": True or False, # Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled.
     "network": "A String", # The name of the network for the TPU node. It must be a preexisting Google Compute Engine network. If none is provided, "default" will be used.
     "subnetwork": "A String", # The name of the subnetwork for the TPU node. It must be a preexisting Google Compute Engine subnetwork. If none is provided, "default" will be used.
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html
index a3d0ff2b60b..9d7b5d5aec0 100644
--- a/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html
@@ -97,10 +97,10 @@ 
Instance Methods

   finalizeMigration(migratingVm, body=None, x__xgafv=None)

 
Marks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.

 

-  get(name, x__xgafv=None)

+  get(name, view=None, x__xgafv=None)

 
Gets details of a single MigratingVm.

 

-  list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)

+  list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)

 
Lists MigratingVms in a given Source.

 

   list_next(previous_request, previous_response)

@@ -208,6 +208,136 @@ 
Method Details

     "idleDuration": "A String", # The idle duration between replication stages.
     "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
   },
+  "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+    { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+      "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+        "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+          "osLicense": "A String", # The OS license returned from the adaptation module's report.
+          "type": "A String", # The license type that was used in OS adaptation.
+        },
+        "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+        "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+              "key": "A String", # The label key of Node resource to reference.
+              "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+              "values": [ # Corresponds to the label values of Node resource.
+                "A String",
+              ],
+            },
+          ],
+          "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+          "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+        },
+        "diskType": "A String", # The disk type to use in the VM.
+        "labels": { # A map of labels to associate with the VM.
+          "a_key": "A String",
+        },
+        "licenseType": "A String", # The license type to use in OS adaptation.
+        "machineType": "A String", # The machine type to create the VM with.
+        "machineTypeSeries": "A String", # The machine type series to create the VM with.
+        "metadata": { # The metadata key/value pairs to assign to the VM.
+          "a_key": "A String",
+        },
+        "networkInterfaces": [ # List of NICs connected to this VM.
+          { # NetworkInterface represents a NIC of a VM.
+            "externalIp": "A String", # The external IP to define in the NIC.
+            "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+            "network": "A String", # The network to connect the NIC to.
+            "subnetwork": "A String", # The subnetwork to connect the NIC to.
+          },
+        ],
+        "networkTags": [ # A map of network tags to associate with the VM.
+          "A String",
+        ],
+        "project": "A String", # The GCP target project ID or project name.
+        "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+        "serviceAccount": "A String", # The service account to associate the VM with.
+        "vmName": "A String", # The name of the VM to create.
+        "zone": "A String", # The zone in which to create the VM.
+      },
+      "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "name": "A String", # The name of the clone.
+      "state": "A String", # Output only. State of the clone job.
+      "stateTime": "A String", # Output only. The time the state was last updated.
+    },
+  ],
+  "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+    { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+      "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+        "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+          "osLicense": "A String", # The OS license returned from the adaptation module's report.
+          "type": "A String", # The license type that was used in OS adaptation.
+        },
+        "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+        "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+              "key": "A String", # The label key of Node resource to reference.
+              "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+              "values": [ # Corresponds to the label values of Node resource.
+                "A String",
+              ],
+            },
+          ],
+          "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+          "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+        },
+        "diskType": "A String", # The disk type to use in the VM.
+        "labels": { # A map of labels to associate with the VM.
+          "a_key": "A String",
+        },
+        "licenseType": "A String", # The license type to use in OS adaptation.
+        "machineType": "A String", # The machine type to create the VM with.
+        "machineTypeSeries": "A String", # The machine type series to create the VM with.
+        "metadata": { # The metadata key/value pairs to assign to the VM.
+          "a_key": "A String",
+        },
+        "networkInterfaces": [ # List of NICs connected to this VM.
+          { # NetworkInterface represents a NIC of a VM.
+            "externalIp": "A String", # The external IP to define in the NIC.
+            "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+            "network": "A String", # The network to connect the NIC to.
+            "subnetwork": "A String", # The subnetwork to connect the NIC to.
+          },
+        ],
+        "networkTags": [ # A map of network tags to associate with the VM.
+          "A String",
+        ],
+        "project": "A String", # The GCP target project ID or project name.
+        "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+        "serviceAccount": "A String", # The service account to associate the VM with.
+        "vmName": "A String", # The name of the VM to create.
+        "zone": "A String", # The zone in which to create the VM.
+      },
+      "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "name": "A String", # Output only. The name of the cutover job.
+      "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+      "state": "A String", # Output only. State of the cutover job.
+      "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+      "stateTime": "A String", # Output only. The time the state was last updated.
+    },
+  ],
   "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
   "state": "A String", # Output only. State of the MigratingVm.
   "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
@@ -322,11 +452,16 @@ 
Method Details

 

 
 

-    get(name, x__xgafv=None)
+    get(name, view=None, x__xgafv=None)
   
Gets details of a single MigratingVm.
 
 Args:
   name: string, Required. The name of the MigratingVm. (required)
+  view: string, Optional. The level of details of the migrating VM.
+    Allowed values
+      MIGRATING_VM_VIEW_UNSPECIFIED - View is unspecified. The API will fallback to the default value.
+      MIGRATING_VM_VIEW_BASIC - Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
+      MIGRATING_VM_VIEW_FULL - Include everything.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -411,6 +546,136 @@ 
Method Details

     "idleDuration": "A String", # The idle duration between replication stages.
     "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
   },
+  "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+    { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+      "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+        "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+          "osLicense": "A String", # The OS license returned from the adaptation module's report.
+          "type": "A String", # The license type that was used in OS adaptation.
+        },
+        "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+        "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+              "key": "A String", # The label key of Node resource to reference.
+              "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+              "values": [ # Corresponds to the label values of Node resource.
+                "A String",
+              ],
+            },
+          ],
+          "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+          "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+        },
+        "diskType": "A String", # The disk type to use in the VM.
+        "labels": { # A map of labels to associate with the VM.
+          "a_key": "A String",
+        },
+        "licenseType": "A String", # The license type to use in OS adaptation.
+        "machineType": "A String", # The machine type to create the VM with.
+        "machineTypeSeries": "A String", # The machine type series to create the VM with.
+        "metadata": { # The metadata key/value pairs to assign to the VM.
+          "a_key": "A String",
+        },
+        "networkInterfaces": [ # List of NICs connected to this VM.
+          { # NetworkInterface represents a NIC of a VM.
+            "externalIp": "A String", # The external IP to define in the NIC.
+            "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+            "network": "A String", # The network to connect the NIC to.
+            "subnetwork": "A String", # The subnetwork to connect the NIC to.
+          },
+        ],
+        "networkTags": [ # A map of network tags to associate with the VM.
+          "A String",
+        ],
+        "project": "A String", # The GCP target project ID or project name.
+        "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+        "serviceAccount": "A String", # The service account to associate the VM with.
+        "vmName": "A String", # The name of the VM to create.
+        "zone": "A String", # The zone in which to create the VM.
+      },
+      "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "name": "A String", # The name of the clone.
+      "state": "A String", # Output only. State of the clone job.
+      "stateTime": "A String", # Output only. The time the state was last updated.
+    },
+  ],
+  "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+    { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+      "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+        "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+          "osLicense": "A String", # The OS license returned from the adaptation module's report.
+          "type": "A String", # The license type that was used in OS adaptation.
+        },
+        "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+        "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+              "key": "A String", # The label key of Node resource to reference.
+              "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+              "values": [ # Corresponds to the label values of Node resource.
+                "A String",
+              ],
+            },
+          ],
+          "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+          "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+        },
+        "diskType": "A String", # The disk type to use in the VM.
+        "labels": { # A map of labels to associate with the VM.
+          "a_key": "A String",
+        },
+        "licenseType": "A String", # The license type to use in OS adaptation.
+        "machineType": "A String", # The machine type to create the VM with.
+        "machineTypeSeries": "A String", # The machine type series to create the VM with.
+        "metadata": { # The metadata key/value pairs to assign to the VM.
+          "a_key": "A String",
+        },
+        "networkInterfaces": [ # List of NICs connected to this VM.
+          { # NetworkInterface represents a NIC of a VM.
+            "externalIp": "A String", # The external IP to define in the NIC.
+            "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+            "network": "A String", # The network to connect the NIC to.
+            "subnetwork": "A String", # The subnetwork to connect the NIC to.
+          },
+        ],
+        "networkTags": [ # A map of network tags to associate with the VM.
+          "A String",
+        ],
+        "project": "A String", # The GCP target project ID or project name.
+        "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+        "serviceAccount": "A String", # The service account to associate the VM with.
+        "vmName": "A String", # The name of the VM to create.
+        "zone": "A String", # The zone in which to create the VM.
+      },
+      "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "name": "A String", # Output only. The name of the cutover job.
+      "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+      "state": "A String", # Output only. State of the cutover job.
+      "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+      "stateTime": "A String", # Output only. The time the state was last updated.
+    },
+  ],
   "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
   "state": "A String", # Output only. State of the MigratingVm.
   "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
@@ -419,7 +684,7 @@ 
Method Details

 

 
 

-    list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)
+    list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)
   
Lists MigratingVms in a given Source.
 
 Args:
@@ -428,6 +693,11 @@ 
Method Details

   orderBy: string, Optional. the order by fields for the result.
   pageSize: integer, Optional. The maximum number of migrating VMs to return. The service may return fewer than this value. If unspecified, at most 500 migrating VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
   pageToken: string, Required. A page token, received from a previous `ListMigratingVms` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMigratingVms` must match the call that provided the page token.
+  view: string, Optional. The level of details of each migrating VM.
+    Allowed values
+      MIGRATING_VM_VIEW_UNSPECIFIED - View is unspecified. The API will fallback to the default value.
+      MIGRATING_VM_VIEW_BASIC - Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
+      MIGRATING_VM_VIEW_FULL - Include everything.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -514,6 +784,136 @@ 
Method Details

         "idleDuration": "A String", # The idle duration between replication stages.
         "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
       },
+      "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+        { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+          "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+            "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+              "osLicense": "A String", # The OS license returned from the adaptation module's report.
+              "type": "A String", # The license type that was used in OS adaptation.
+            },
+            "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+            "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+              "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+              "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+                { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+                  "key": "A String", # The label key of Node resource to reference.
+                  "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+                  "values": [ # Corresponds to the label values of Node resource.
+                    "A String",
+                  ],
+                },
+              ],
+              "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+              "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+            },
+            "diskType": "A String", # The disk type to use in the VM.
+            "labels": { # A map of labels to associate with the VM.
+              "a_key": "A String",
+            },
+            "licenseType": "A String", # The license type to use in OS adaptation.
+            "machineType": "A String", # The machine type to create the VM with.
+            "machineTypeSeries": "A String", # The machine type series to create the VM with.
+            "metadata": { # The metadata key/value pairs to assign to the VM.
+              "a_key": "A String",
+            },
+            "networkInterfaces": [ # List of NICs connected to this VM.
+              { # NetworkInterface represents a NIC of a VM.
+                "externalIp": "A String", # The external IP to define in the NIC.
+                "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+                "network": "A String", # The network to connect the NIC to.
+                "subnetwork": "A String", # The subnetwork to connect the NIC to.
+              },
+            ],
+            "networkTags": [ # A map of network tags to associate with the VM.
+              "A String",
+            ],
+            "project": "A String", # The GCP target project ID or project name.
+            "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+            "serviceAccount": "A String", # The service account to associate the VM with.
+            "vmName": "A String", # The name of the VM to create.
+            "zone": "A String", # The zone in which to create the VM.
+          },
+          "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+          "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+            "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+            "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+              {
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+            ],
+            "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+          },
+          "name": "A String", # The name of the clone.
+          "state": "A String", # Output only. State of the clone job.
+          "stateTime": "A String", # Output only. The time the state was last updated.
+        },
+      ],
+      "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+        { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+          "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+            "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+              "osLicense": "A String", # The OS license returned from the adaptation module's report.
+              "type": "A String", # The license type that was used in OS adaptation.
+            },
+            "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+            "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+              "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+              "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+                { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+                  "key": "A String", # The label key of Node resource to reference.
+                  "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+                  "values": [ # Corresponds to the label values of Node resource.
+                    "A String",
+                  ],
+                },
+              ],
+              "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+              "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+            },
+            "diskType": "A String", # The disk type to use in the VM.
+            "labels": { # A map of labels to associate with the VM.
+              "a_key": "A String",
+            },
+            "licenseType": "A String", # The license type to use in OS adaptation.
+            "machineType": "A String", # The machine type to create the VM with.
+            "machineTypeSeries": "A String", # The machine type series to create the VM with.
+            "metadata": { # The metadata key/value pairs to assign to the VM.
+              "a_key": "A String",
+            },
+            "networkInterfaces": [ # List of NICs connected to this VM.
+              { # NetworkInterface represents a NIC of a VM.
+                "externalIp": "A String", # The external IP to define in the NIC.
+                "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+                "network": "A String", # The network to connect the NIC to.
+                "subnetwork": "A String", # The subnetwork to connect the NIC to.
+              },
+            ],
+            "networkTags": [ # A map of network tags to associate with the VM.
+              "A String",
+            ],
+            "project": "A String", # The GCP target project ID or project name.
+            "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+            "serviceAccount": "A String", # The service account to associate the VM with.
+            "vmName": "A String", # The name of the VM to create.
+            "zone": "A String", # The zone in which to create the VM.
+          },
+          "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+          "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+            "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+            "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+              {
+                "a_key": "", # Properties of the object. Contains field @type with type URL.
+              },
+            ],
+            "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+          },
+          "name": "A String", # Output only. The name of the cutover job.
+          "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+          "state": "A String", # Output only. State of the cutover job.
+          "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+          "stateTime": "A String", # Output only. The time the state was last updated.
+        },
+      ],
       "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
       "state": "A String", # Output only. State of the MigratingVm.
       "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
@@ -626,6 +1026,136 @@ 
Method Details

     "idleDuration": "A String", # The idle duration between replication stages.
     "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
   },
+  "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+    { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+      "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+        "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+          "osLicense": "A String", # The OS license returned from the adaptation module's report.
+          "type": "A String", # The license type that was used in OS adaptation.
+        },
+        "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+        "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+              "key": "A String", # The label key of Node resource to reference.
+              "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+              "values": [ # Corresponds to the label values of Node resource.
+                "A String",
+              ],
+            },
+          ],
+          "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+          "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+        },
+        "diskType": "A String", # The disk type to use in the VM.
+        "labels": { # A map of labels to associate with the VM.
+          "a_key": "A String",
+        },
+        "licenseType": "A String", # The license type to use in OS adaptation.
+        "machineType": "A String", # The machine type to create the VM with.
+        "machineTypeSeries": "A String", # The machine type series to create the VM with.
+        "metadata": { # The metadata key/value pairs to assign to the VM.
+          "a_key": "A String",
+        },
+        "networkInterfaces": [ # List of NICs connected to this VM.
+          { # NetworkInterface represents a NIC of a VM.
+            "externalIp": "A String", # The external IP to define in the NIC.
+            "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+            "network": "A String", # The network to connect the NIC to.
+            "subnetwork": "A String", # The subnetwork to connect the NIC to.
+          },
+        ],
+        "networkTags": [ # A map of network tags to associate with the VM.
+          "A String",
+        ],
+        "project": "A String", # The GCP target project ID or project name.
+        "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+        "serviceAccount": "A String", # The service account to associate the VM with.
+        "vmName": "A String", # The name of the VM to create.
+        "zone": "A String", # The zone in which to create the VM.
+      },
+      "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "name": "A String", # The name of the clone.
+      "state": "A String", # Output only. State of the clone job.
+      "stateTime": "A String", # Output only. The time the state was last updated.
+    },
+  ],
+  "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the "view" parameter of the Get/List request.
+    { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+      "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+        "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+          "osLicense": "A String", # The OS license returned from the adaptation module's report.
+          "type": "A String", # The license type that was used in OS adaptation.
+        },
+        "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+        "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+          "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+          "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+            { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+              "key": "A String", # The label key of Node resource to reference.
+              "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+              "values": [ # Corresponds to the label values of Node resource.
+                "A String",
+              ],
+            },
+          ],
+          "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+          "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+        },
+        "diskType": "A String", # The disk type to use in the VM.
+        "labels": { # A map of labels to associate with the VM.
+          "a_key": "A String",
+        },
+        "licenseType": "A String", # The license type to use in OS adaptation.
+        "machineType": "A String", # The machine type to create the VM with.
+        "machineTypeSeries": "A String", # The machine type series to create the VM with.
+        "metadata": { # The metadata key/value pairs to assign to the VM.
+          "a_key": "A String",
+        },
+        "networkInterfaces": [ # List of NICs connected to this VM.
+          { # NetworkInterface represents a NIC of a VM.
+            "externalIp": "A String", # The external IP to define in the NIC.
+            "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+            "network": "A String", # The network to connect the NIC to.
+            "subnetwork": "A String", # The subnetwork to connect the NIC to.
+          },
+        ],
+        "networkTags": [ # A map of network tags to associate with the VM.
+          "A String",
+        ],
+        "project": "A String", # The GCP target project ID or project name.
+        "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+        "serviceAccount": "A String", # The service account to associate the VM with.
+        "vmName": "A String", # The name of the VM to create.
+        "zone": "A String", # The zone in which to create the VM.
+      },
+      "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+      "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+        "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+        "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+          {
+            "a_key": "", # Properties of the object. Contains field @type with type URL.
+          },
+        ],
+        "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+      },
+      "name": "A String", # Output only. The name of the cutover job.
+      "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+      "state": "A String", # Output only. State of the cutover job.
+      "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+      "stateTime": "A String", # Output only. The time the state was last updated.
+    },
+  ],
   "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
   "state": "A String", # Output only. State of the MigratingVm.
   "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html
index ddb68298f58..c094a5a39a8 100644
--- a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html
@@ -782,7 +782,7 @@ 
Method Details

   name: string, Required. The name of the MigratingVm. (required)
   view: string, Optional. The level of details of the migrating VM.
     Allowed values
-      MIGRATING_VM_VIEW_UNSPECIFIED - The default / unset value. Will fallback to FULL.
+      MIGRATING_VM_VIEW_UNSPECIFIED - View is unspecified. The API will fallback to the default value.
       MIGRATING_VM_VIEW_BASIC - Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
       MIGRATING_VM_VIEW_FULL - Include everything.
   x__xgafv: string, V1 error format.
@@ -1341,7 +1341,7 @@ 
Method Details

   pageToken: string, Required. A page token, received from a previous `ListMigratingVms` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMigratingVms` must match the call that provided the page token.
   view: string, Optional. The level of details of each migrating VM.
     Allowed values
-      MIGRATING_VM_VIEW_UNSPECIFIED - The default / unset value. Will fallback to FULL.
+      MIGRATING_VM_VIEW_UNSPECIFIED - View is unspecified. The API will fallback to the default value.
       MIGRATING_VM_VIEW_BASIC - Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.
       MIGRATING_VM_VIEW_FULL - Include everything.
   x__xgafv: string, V1 error format.
diff --git a/googleapiclient/discovery_cache/documents/acceleratedmobilepageurl.v1.json b/googleapiclient/discovery_cache/documents/acceleratedmobilepageurl.v1.json
index db9f9121595..74a1568e8e1 100644
--- a/googleapiclient/discovery_cache/documents/acceleratedmobilepageurl.v1.json
+++ b/googleapiclient/discovery_cache/documents/acceleratedmobilepageurl.v1.json
@@ -115,7 +115,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://acceleratedmobilepageurl.googleapis.com/",
   "schemas": {
     "AmpUrl": {
diff --git a/googleapiclient/discovery_cache/documents/accessapproval.v1.json b/googleapiclient/discovery_cache/documents/accessapproval.v1.json
index e39ee7ac4ea..15d782e1603 100644
--- a/googleapiclient/discovery_cache/documents/accessapproval.v1.json
+++ b/googleapiclient/discovery_cache/documents/accessapproval.v1.json
@@ -754,7 +754,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://accessapproval.googleapis.com/",
   "schemas": {
     "AccessApprovalSettings": {
diff --git a/googleapiclient/discovery_cache/documents/accesscontextmanager.v1.json b/googleapiclient/discovery_cache/documents/accesscontextmanager.v1.json
index 87dc1a9db4d..ffa66a6c80a 100644
--- a/googleapiclient/discovery_cache/documents/accesscontextmanager.v1.json
+++ b/googleapiclient/discovery_cache/documents/accesscontextmanager.v1.json
@@ -943,7 +943,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://accesscontextmanager.googleapis.com/",
   "schemas": {
     "AccessContextManagerOperationMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/accesscontextmanager.v1beta.json b/googleapiclient/discovery_cache/documents/accesscontextmanager.v1beta.json
index 2a28f48286c..225213c12d2 100644
--- a/googleapiclient/discovery_cache/documents/accesscontextmanager.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/accesscontextmanager.v1beta.json
@@ -609,7 +609,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://accesscontextmanager.googleapis.com/",
   "schemas": {
     "AccessContextManagerOperationMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/adexchangebuyer2.v2beta1.json b/googleapiclient/discovery_cache/documents/adexchangebuyer2.v2beta1.json
index d4043ff72ed..eb4faede9a9 100644
--- a/googleapiclient/discovery_cache/documents/adexchangebuyer2.v2beta1.json
+++ b/googleapiclient/discovery_cache/documents/adexchangebuyer2.v2beta1.json
@@ -2568,7 +2568,7 @@
       }
     }
   },
-  "revision": "20211108",
+  "revision": "20211115",
   "rootUrl": "https://adexchangebuyer.googleapis.com/",
   "schemas": {
     "AbsoluteDateRange": {
diff --git a/googleapiclient/discovery_cache/documents/admin.datatransfer_v1.json b/googleapiclient/discovery_cache/documents/admin.datatransfer_v1.json
index 6fd3ed7bfcd..5eb6c0f4ca5 100644
--- a/googleapiclient/discovery_cache/documents/admin.datatransfer_v1.json
+++ b/googleapiclient/discovery_cache/documents/admin.datatransfer_v1.json
@@ -272,7 +272,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211109",
   "rootUrl": "https://admin.googleapis.com/",
   "schemas": {
     "Application": {
diff --git a/googleapiclient/discovery_cache/documents/admin.directory_v1.json b/googleapiclient/discovery_cache/documents/admin.directory_v1.json
index fa8c8ae910e..b4a6e55eec4 100644
--- a/googleapiclient/discovery_cache/documents/admin.directory_v1.json
+++ b/googleapiclient/discovery_cache/documents/admin.directory_v1.json
@@ -455,7 +455,7 @@
               "type": "string"
             },
             "query": {
-              "description": "Search string in the format given at http://support.google.com/chromeos/a/bin/answer.py?answer=1698333",
+              "description": "Search string in the format given at https://developers.google.com/admin-sdk/directory/v1/list-query-operators",
               "location": "query",
               "type": "string"
             },
@@ -4402,7 +4402,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211109",
   "rootUrl": "https://admin.googleapis.com/",
   "schemas": {
     "Alias": {
diff --git a/googleapiclient/discovery_cache/documents/admin.reports_v1.json b/googleapiclient/discovery_cache/documents/admin.reports_v1.json
index f8a50468c3e..8705b694d8b 100644
--- a/googleapiclient/discovery_cache/documents/admin.reports_v1.json
+++ b/googleapiclient/discovery_cache/documents/admin.reports_v1.json
@@ -631,7 +631,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211109",
   "rootUrl": "https://admin.googleapis.com/",
   "schemas": {
     "Activities": {
diff --git a/googleapiclient/discovery_cache/documents/admob.v1.json b/googleapiclient/discovery_cache/documents/admob.v1.json
index 1f008925d4f..3e23d70942a 100644
--- a/googleapiclient/discovery_cache/documents/admob.v1.json
+++ b/googleapiclient/discovery_cache/documents/admob.v1.json
@@ -321,7 +321,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211115",
   "rootUrl": "https://admob.googleapis.com/",
   "schemas": {
     "AdUnit": {
diff --git a/googleapiclient/discovery_cache/documents/admob.v1beta.json b/googleapiclient/discovery_cache/documents/admob.v1beta.json
index 0ae075eb986..85097d27c19 100644
--- a/googleapiclient/discovery_cache/documents/admob.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/admob.v1beta.json
@@ -321,7 +321,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211115",
   "rootUrl": "https://admob.googleapis.com/",
   "schemas": {
     "AdUnit": {
diff --git a/googleapiclient/discovery_cache/documents/adsense.v2.json b/googleapiclient/discovery_cache/documents/adsense.v2.json
index 3fd73a2ccd9..60032eda7d0 100644
--- a/googleapiclient/discovery_cache/documents/adsense.v2.json
+++ b/googleapiclient/discovery_cache/documents/adsense.v2.json
@@ -1567,7 +1567,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211113",
   "rootUrl": "https://adsense.googleapis.com/",
   "schemas": {
     "Account": {
diff --git a/googleapiclient/discovery_cache/documents/alertcenter.v1beta1.json b/googleapiclient/discovery_cache/documents/alertcenter.v1beta1.json
index a851221057c..acc32e28372 100644
--- a/googleapiclient/discovery_cache/documents/alertcenter.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/alertcenter.v1beta1.json
@@ -423,7 +423,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211109",
   "rootUrl": "https://alertcenter.googleapis.com/",
   "schemas": {
     "AccountSuspensionDetails": {
diff --git a/googleapiclient/discovery_cache/documents/analyticsadmin.v1alpha.json b/googleapiclient/discovery_cache/documents/analyticsadmin.v1alpha.json
index adc01ba7fd2..b23fa1b7609 100644
--- a/googleapiclient/discovery_cache/documents/analyticsadmin.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/analyticsadmin.v1alpha.json
@@ -3120,7 +3120,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://analyticsadmin.googleapis.com/",
   "schemas": {
     "GoogleAnalyticsAdminV1alphaAccount": {
diff --git a/googleapiclient/discovery_cache/documents/analyticsdata.v1beta.json b/googleapiclient/discovery_cache/documents/analyticsdata.v1beta.json
index 90420318abd..f8613250c86 100644
--- a/googleapiclient/discovery_cache/documents/analyticsdata.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/analyticsdata.v1beta.json
@@ -313,7 +313,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211111",
   "rootUrl": "https://analyticsdata.googleapis.com/",
   "schemas": {
     "ActiveMetricRestriction": {
@@ -629,7 +629,7 @@
           "description": "One dimension can be the result of an expression of multiple dimensions. For example, dimension \"country, city\": concatenate(country, \", \", city)."
         },
         "name": {
-          "description": "The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression \"^[a-zA-Z0-9_]$\". Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`.",
+          "description": "The name of the dimension. See the [API Dimensions](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#dimensions) for the list of dimension names. If `dimensionExpression` is specified, `name` can be any string that you would like within the allowed character set. For example if a `dimensionExpression` concatenates `country` and `city`, you could call that dimension `countryAndCity`. Dimension names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Dimensions are referenced by `name` in `dimensionFilter`, `orderBys`, `dimensionExpression`, and `pivots`.",
           "type": "string"
         }
       },
@@ -882,7 +882,7 @@
           "type": "boolean"
         },
         "name": {
-          "description": "The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression \"^[a-zA-Z0-9_]$\". Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`.",
+          "description": "The name of the metric. See the [API Metrics](https://developers.google.com/analytics/devguides/reporting/data/v1/api-schema#metrics) for the list of metric names. If `expression` is specified, `name` can be any string that you would like within the allowed character set. For example if `expression` is `screenPageViews/sessions`, you could call that metric's name = `viewsPerSession`. Metric names that you choose must match the regular expression `^[a-zA-Z0-9_]$`. Metrics are referenced by `name` in `metricFilter`, `orderBys`, and metric `expression`.",
           "type": "string"
         }
       },
diff --git a/googleapiclient/discovery_cache/documents/androiddeviceprovisioning.v1.json b/googleapiclient/discovery_cache/documents/androiddeviceprovisioning.v1.json
index e6a1c260181..69a338b89f7 100644
--- a/googleapiclient/discovery_cache/documents/androiddeviceprovisioning.v1.json
+++ b/googleapiclient/discovery_cache/documents/androiddeviceprovisioning.v1.json
@@ -825,7 +825,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://androiddeviceprovisioning.googleapis.com/",
   "schemas": {
     "ClaimDeviceRequest": {
diff --git a/googleapiclient/discovery_cache/documents/androidenterprise.v1.json b/googleapiclient/discovery_cache/documents/androidenterprise.v1.json
index 0f15a6f5d96..1984379774e 100644
--- a/googleapiclient/discovery_cache/documents/androidenterprise.v1.json
+++ b/googleapiclient/discovery_cache/documents/androidenterprise.v1.json
@@ -2610,7 +2610,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211110",
   "rootUrl": "https://androidenterprise.googleapis.com/",
   "schemas": {
     "Administrator": {
diff --git a/googleapiclient/discovery_cache/documents/androidpublisher.v3.json b/googleapiclient/discovery_cache/documents/androidpublisher.v3.json
index c6bb481c157..9ccefe98c7a 100644
--- a/googleapiclient/discovery_cache/documents/androidpublisher.v3.json
+++ b/googleapiclient/discovery_cache/documents/androidpublisher.v3.json
@@ -2924,7 +2924,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211113",
   "rootUrl": "https://androidpublisher.googleapis.com/",
   "schemas": {
     "Apk": {
diff --git a/googleapiclient/discovery_cache/documents/apigateway.v1.json b/googleapiclient/discovery_cache/documents/apigateway.v1.json
index 391a3cc6c48..93588d90ae6 100644
--- a/googleapiclient/discovery_cache/documents/apigateway.v1.json
+++ b/googleapiclient/discovery_cache/documents/apigateway.v1.json
@@ -1083,7 +1083,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://apigateway.googleapis.com/",
   "schemas": {
     "ApigatewayApi": {
diff --git a/googleapiclient/discovery_cache/documents/apigateway.v1beta.json b/googleapiclient/discovery_cache/documents/apigateway.v1beta.json
index 7266c5a6e46..b33e5de5d8c 100644
--- a/googleapiclient/discovery_cache/documents/apigateway.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/apigateway.v1beta.json
@@ -1083,7 +1083,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://apigateway.googleapis.com/",
   "schemas": {
     "ApigatewayApi": {
diff --git a/googleapiclient/discovery_cache/documents/apikeys.v2.json b/googleapiclient/discovery_cache/documents/apikeys.v2.json
index 2756444e53b..c1e47427a0f 100644
--- a/googleapiclient/discovery_cache/documents/apikeys.v2.json
+++ b/googleapiclient/discovery_cache/documents/apikeys.v2.json
@@ -424,7 +424,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://apikeys.googleapis.com/",
   "schemas": {
     "Operation": {
diff --git a/googleapiclient/discovery_cache/documents/appengine.v1.json b/googleapiclient/discovery_cache/documents/appengine.v1.json
index f0a00720b7c..7692c0432a0 100644
--- a/googleapiclient/discovery_cache/documents/appengine.v1.json
+++ b/googleapiclient/discovery_cache/documents/appengine.v1.json
@@ -1595,7 +1595,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://appengine.googleapis.com/",
   "schemas": {
     "ApiConfigHandler": {
diff --git a/googleapiclient/discovery_cache/documents/appengine.v1alpha.json b/googleapiclient/discovery_cache/documents/appengine.v1alpha.json
index e3dbac110ae..728c935c09d 100644
--- a/googleapiclient/discovery_cache/documents/appengine.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/appengine.v1alpha.json
@@ -887,7 +887,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://appengine.googleapis.com/",
   "schemas": {
     "AuthorizedCertificate": {
diff --git a/googleapiclient/discovery_cache/documents/appengine.v1beta.json b/googleapiclient/discovery_cache/documents/appengine.v1beta.json
index 5d09d71909b..a4b1c5581d4 100644
--- a/googleapiclient/discovery_cache/documents/appengine.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/appengine.v1beta.json
@@ -1595,7 +1595,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://appengine.googleapis.com/",
   "schemas": {
     "ApiConfigHandler": {
diff --git a/googleapiclient/discovery_cache/documents/area120tables.v1alpha1.json b/googleapiclient/discovery_cache/documents/area120tables.v1alpha1.json
index 7335392115c..21a00eda78a 100644
--- a/googleapiclient/discovery_cache/documents/area120tables.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/area120tables.v1alpha1.json
@@ -586,7 +586,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://area120tables.googleapis.com/",
   "schemas": {
     "BatchCreateRowsRequest": {
diff --git a/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json b/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json
index 79292fc6ff0..c8ed49882fe 100644
--- a/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json
+++ b/googleapiclient/discovery_cache/documents/assuredworkloads.v1.json
@@ -351,7 +351,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://assuredworkloads.googleapis.com/",
   "schemas": {
     "GoogleCloudAssuredworkloadsV1CreateWorkloadOperationMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1.json b/googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1.json
index ac16ed9d680..a8b25feb689 100644
--- a/googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1.json
+++ b/googleapiclient/discovery_cache/documents/authorizedbuyersmarketplace.v1.json
@@ -1307,7 +1307,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211115",
   "rootUrl": "https://authorizedbuyersmarketplace.googleapis.com/",
   "schemas": {
     "AcceptProposalRequest": {
@@ -2351,7 +2351,7 @@
       "id": "PauseFinalizedDealRequest",
       "properties": {
         "reason": {
-          "description": "The reason to pause the finalized deal, will be displayed to the seller. Maximum length is 1000 characters.",
+          "description": "Required. The reason to pause the finalized deal, will be displayed to the seller. Maximum length is 1000 characters.",
           "type": "string"
         }
       },
diff --git a/googleapiclient/discovery_cache/documents/bigquerydatatransfer.v1.json b/googleapiclient/discovery_cache/documents/bigquerydatatransfer.v1.json
index 3a9ae571667..cc5561e825d 100644
--- a/googleapiclient/discovery_cache/documents/bigquerydatatransfer.v1.json
+++ b/googleapiclient/discovery_cache/documents/bigquerydatatransfer.v1.json
@@ -1340,7 +1340,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://bigquerydatatransfer.googleapis.com/",
   "schemas": {
     "CheckValidCredsRequest": {
diff --git a/googleapiclient/discovery_cache/documents/bigqueryreservation.v1.json b/googleapiclient/discovery_cache/documents/bigqueryreservation.v1.json
index 4a2c9aaec03..82f79fb4737 100644
--- a/googleapiclient/discovery_cache/documents/bigqueryreservation.v1.json
+++ b/googleapiclient/discovery_cache/documents/bigqueryreservation.v1.json
@@ -788,7 +788,7 @@
       }
     }
   },
-  "revision": "20211026",
+  "revision": "20211105",
   "rootUrl": "https://bigqueryreservation.googleapis.com/",
   "schemas": {
     "Assignment": {
diff --git a/googleapiclient/discovery_cache/documents/bigqueryreservation.v1beta1.json b/googleapiclient/discovery_cache/documents/bigqueryreservation.v1beta1.json
index 298c8171bf4..72e5d43ac2c 100644
--- a/googleapiclient/discovery_cache/documents/bigqueryreservation.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/bigqueryreservation.v1beta1.json
@@ -786,7 +786,7 @@
       }
     }
   },
-  "revision": "20211026",
+  "revision": "20211105",
   "rootUrl": "https://bigqueryreservation.googleapis.com/",
   "schemas": {
     "Assignment": {
diff --git a/googleapiclient/discovery_cache/documents/bigtableadmin.v1.json b/googleapiclient/discovery_cache/documents/bigtableadmin.v1.json
index b3ea72ff211..df425ada302 100644
--- a/googleapiclient/discovery_cache/documents/bigtableadmin.v1.json
+++ b/googleapiclient/discovery_cache/documents/bigtableadmin.v1.json
@@ -96,9 +96,38 @@
   },
   "protocol": "rest",
   "resources": {},
-  "revision": "20211025",
+  "revision": "20211104",
   "rootUrl": "https://bigtableadmin.googleapis.com/",
   "schemas": {
+    "AutoscalingLimits": {
+      "description": "Limits for the number of nodes a Cluster can autoscale up/down to.",
+      "id": "AutoscalingLimits",
+      "properties": {
+        "maxServeNodes": {
+          "description": "Required. Maximum number of nodes to scale up to.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minServeNodes": {
+          "description": "Required. Minimum number of nodes to scale down to.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingTargets": {
+      "description": "The Autoscaling targets for a Cluster. These determine the recommended nodes.",
+      "id": "AutoscalingTargets",
+      "properties": {
+        "cpuUtilizationPercent": {
+          "description": "The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization).",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "Backup": {
       "description": "A backup of a Cloud Bigtable table.",
       "id": "Backup",
@@ -190,6 +219,10 @@
       "description": "A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance.",
       "id": "Cluster",
       "properties": {
+        "clusterConfig": {
+          "$ref": "ClusterConfig",
+          "description": "Configuration for this cluster."
+        },
         "defaultStorageType": {
           "description": "Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden.",
           "enum": [
@@ -243,6 +276,32 @@
       },
       "type": "object"
     },
+    "ClusterAutoscalingConfig": {
+      "description": "Autoscaling config for a cluster.",
+      "id": "ClusterAutoscalingConfig",
+      "properties": {
+        "autoscalingLimits": {
+          "$ref": "AutoscalingLimits",
+          "description": "Required. Autoscaling limits for this cluster."
+        },
+        "autoscalingTargets": {
+          "$ref": "AutoscalingTargets",
+          "description": "Required. Autoscaling targets for this cluster."
+        }
+      },
+      "type": "object"
+    },
+    "ClusterConfig": {
+      "description": "Configuration for a cluster.",
+      "id": "ClusterConfig",
+      "properties": {
+        "clusterAutoscalingConfig": {
+          "$ref": "ClusterAutoscalingConfig",
+          "description": "Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled."
+        }
+      },
+      "type": "object"
+    },
     "CreateBackupMetadata": {
       "description": "Metadata type for the operation returned by CreateBackup.",
       "id": "CreateBackupMetadata",
@@ -438,7 +497,7 @@
       "id": "Instance",
       "properties": {
         "createTime": {
-          "description": "Output only. A server-assigned timestamp representing when this Instance was created.",
+          "description": "Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`.",
           "format": "google-datetime",
           "readOnly": true,
           "type": "string"
@@ -527,6 +586,42 @@
       },
       "type": "object"
     },
+    "PartialUpdateClusterMetadata": {
+      "description": "The metadata for the Operation returned by PartialUpdateCluster.",
+      "id": "PartialUpdateClusterMetadata",
+      "properties": {
+        "finishTime": {
+          "description": "The time at which the operation failed or was completed successfully.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "originalRequest": {
+          "$ref": "PartialUpdateClusterRequest"
+        },
+        "requestTime": {
+          "description": "The time at which the original request was received.",
+          "format": "google-datetime",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PartialUpdateClusterRequest": {
+      "description": "Request message for BigtableInstanceAdmin.PartialUpdateCluster.",
+      "id": "PartialUpdateClusterRequest",
+      "properties": {
+        "cluster": {
+          "$ref": "Cluster",
+          "description": "Required. The Cluster which contains the partial updates to be applied, subject to the update_mask."
+        },
+        "updateMask": {
+          "description": "Required. The subset of Cluster fields which should be replaced. Must be explicitly set.",
+          "format": "google-fieldmask",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "PartialUpdateInstanceRequest": {
       "description": "Request message for BigtableInstanceAdmin.PartialUpdateInstance.",
       "id": "PartialUpdateInstanceRequest",
diff --git a/googleapiclient/discovery_cache/documents/bigtableadmin.v2.json b/googleapiclient/discovery_cache/documents/bigtableadmin.v2.json
index 197e5f3ded4..595e73773d4 100644
--- a/googleapiclient/discovery_cache/documents/bigtableadmin.v2.json
+++ b/googleapiclient/discovery_cache/documents/bigtableadmin.v2.json
@@ -1803,7 +1803,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211104",
   "rootUrl": "https://bigtableadmin.googleapis.com/",
   "schemas": {
     "AppProfile": {
@@ -1881,6 +1881,35 @@
       },
       "type": "object"
     },
+    "AutoscalingLimits": {
+      "description": "Limits for the number of nodes a Cluster can autoscale up/down to.",
+      "id": "AutoscalingLimits",
+      "properties": {
+        "maxServeNodes": {
+          "description": "Required. Maximum number of nodes to scale up to.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "minServeNodes": {
+          "description": "Required. Minimum number of nodes to scale down to.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "AutoscalingTargets": {
+      "description": "The Autoscaling targets for a Cluster. These determine the recommended nodes.",
+      "id": "AutoscalingTargets",
+      "properties": {
+        "cpuUtilizationPercent": {
+          "description": "The cpu utilization that the Autoscaler should be trying to achieve. This number is on a scale from 0 (no utilization) to 100 (total utilization).",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "Backup": {
       "description": "A backup of a Cloud Bigtable table.",
       "id": "Backup",
@@ -1969,22 +1998,22 @@
       "type": "object"
     },
     "Binding": {
-      "description": "Associates `members` with a `role`.",
+      "description": "Associates `members`, or principals, with a `role`.",
       "id": "Binding",
       "properties": {
         "condition": {
           "$ref": "Expr",
-          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
+          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "role": {
-          "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
           "type": "string"
         }
       },
@@ -2016,6 +2045,10 @@
       "description": "A resizable group of nodes in a particular cloud location, capable of serving all Tables in the parent Instance.",
       "id": "Cluster",
       "properties": {
+        "clusterConfig": {
+          "$ref": "ClusterConfig",
+          "description": "Configuration for this cluster."
+        },
         "defaultStorageType": {
           "description": "Immutable. The type of storage used by this cluster to serve its parent instance's tables, unless explicitly overridden.",
           "enum": [
@@ -2069,6 +2102,32 @@
       },
       "type": "object"
     },
+    "ClusterAutoscalingConfig": {
+      "description": "Autoscaling config for a cluster.",
+      "id": "ClusterAutoscalingConfig",
+      "properties": {
+        "autoscalingLimits": {
+          "$ref": "AutoscalingLimits",
+          "description": "Required. Autoscaling limits for this cluster."
+        },
+        "autoscalingTargets": {
+          "$ref": "AutoscalingTargets",
+          "description": "Required. Autoscaling targets for this cluster."
+        }
+      },
+      "type": "object"
+    },
+    "ClusterConfig": {
+      "description": "Configuration for a cluster.",
+      "id": "ClusterConfig",
+      "properties": {
+        "clusterAutoscalingConfig": {
+          "$ref": "ClusterAutoscalingConfig",
+          "description": "Autoscaling configuration for this cluster. Note that when creating or updating a cluster, exactly one of serve_nodes or cluster_autoscaling_config must be set. If serve_nodes is set, then serve_nodes is fixed and autoscaling is turned off. If cluster_autoscaling_config is set, then serve_nodes will be autoscaled."
+        }
+      },
+      "type": "object"
+    },
     "ClusterState": {
       "description": "The state of a table's data in a particular cluster.",
       "id": "ClusterState",
@@ -2443,7 +2502,7 @@
       "id": "Instance",
       "properties": {
         "createTime": {
-          "description": "Output only. A server-assigned timestamp representing when this Instance was created.",
+          "description": "Output only. A server-assigned timestamp representing when this Instance was created. For instances created before this field was added (August 2021), this value is `seconds: 0, nanos: 1`.",
           "format": "google-datetime",
           "readOnly": true,
           "type": "string"
@@ -2813,6 +2872,42 @@
       },
       "type": "object"
     },
+    "PartialUpdateClusterMetadata": {
+      "description": "The metadata for the Operation returned by PartialUpdateCluster.",
+      "id": "PartialUpdateClusterMetadata",
+      "properties": {
+        "finishTime": {
+          "description": "The time at which the operation failed or was completed successfully.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "originalRequest": {
+          "$ref": "PartialUpdateClusterRequest"
+        },
+        "requestTime": {
+          "description": "The time at which the original request was received.",
+          "format": "google-datetime",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PartialUpdateClusterRequest": {
+      "description": "Request message for BigtableInstanceAdmin.PartialUpdateCluster.",
+      "id": "PartialUpdateClusterRequest",
+      "properties": {
+        "cluster": {
+          "$ref": "Cluster",
+          "description": "Required. The Cluster which contains the partial updates to be applied, subject to the update_mask."
+        },
+        "updateMask": {
+          "description": "Required. The subset of Cluster fields which should be replaced. Must be explicitly set.",
+          "format": "google-fieldmask",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "PartialUpdateInstanceRequest": {
       "description": "Request message for BigtableInstanceAdmin.PartialUpdateInstance.",
       "id": "PartialUpdateInstanceRequest",
@@ -2830,7 +2925,7 @@
       "type": "object"
     },
     "Policy": {
-      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
       "id": "Policy",
       "properties": {
         "auditConfigs": {
@@ -2841,7 +2936,7 @@
           "type": "array"
         },
         "bindings": {
-          "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.",
+          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
           "items": {
             "$ref": "Binding"
           },
diff --git a/googleapiclient/discovery_cache/documents/billingbudgets.v1.json b/googleapiclient/discovery_cache/documents/billingbudgets.v1.json
index fd813dd5413..201472397cb 100644
--- a/googleapiclient/discovery_cache/documents/billingbudgets.v1.json
+++ b/googleapiclient/discovery_cache/documents/billingbudgets.v1.json
@@ -270,7 +270,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://billingbudgets.googleapis.com/",
   "schemas": {
     "GoogleCloudBillingBudgetsV1Budget": {
diff --git a/googleapiclient/discovery_cache/documents/billingbudgets.v1beta1.json b/googleapiclient/discovery_cache/documents/billingbudgets.v1beta1.json
index 7a10fcd12bd..263736f7540 100644
--- a/googleapiclient/discovery_cache/documents/billingbudgets.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/billingbudgets.v1beta1.json
@@ -264,7 +264,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://billingbudgets.googleapis.com/",
   "schemas": {
     "GoogleCloudBillingBudgetsV1beta1AllUpdatesRule": {
diff --git a/googleapiclient/discovery_cache/documents/binaryauthorization.v1.json b/googleapiclient/discovery_cache/documents/binaryauthorization.v1.json
index 01b1b33b22b..2262b5790e7 100644
--- a/googleapiclient/discovery_cache/documents/binaryauthorization.v1.json
+++ b/googleapiclient/discovery_cache/documents/binaryauthorization.v1.json
@@ -257,7 +257,7 @@
               ],
               "parameters": {
                 "options.requestedPolicyVersion": {
-                  "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                  "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
@@ -440,7 +440,7 @@
               ],
               "parameters": {
                 "options.requestedPolicyVersion": {
-                  "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                  "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
@@ -551,7 +551,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211105",
   "rootUrl": "https://binaryauthorization.googleapis.com/",
   "schemas": {
     "AdmissionRule": {
@@ -583,7 +583,7 @@
           "enumDescriptions": [
             "Do not use.",
             "This rule allows all all pod creations.",
-            "This rule allows a pod creation if all the attestors listed in 'require_attestations_by' have valid attestations for all of the images in the pod spec.",
+            "This rule allows a pod creation if all the attestors listed in `require_attestations_by` have valid attestations for all of the images in the pod spec.",
             "This rule denies all pod creations."
           ],
           "type": "string"
@@ -879,21 +879,21 @@
           "additionalProperties": {
             "$ref": "AdmissionRule"
           },
-          "description": "Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default",
+          "description": "Optional. Per-istio-service-identity admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default`",
           "type": "object"
         },
         "kubernetesNamespaceAdmissionRules": {
           "additionalProperties": {
             "$ref": "AdmissionRule"
           },
-          "description": "Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'",
+          "description": "Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. `some-namespace`",
           "type": "object"
         },
         "kubernetesServiceAccountAdmissionRules": {
           "additionalProperties": {
             "$ref": "AdmissionRule"
           },
-          "description": "Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'",
+          "description": "Optional. Per-kubernetes-service-account admission rules. Service account spec format: `namespace:serviceaccount`. e.g. `test-ns:default`",
           "type": "object"
         },
         "name": {
diff --git a/googleapiclient/discovery_cache/documents/blogger.v2.json b/googleapiclient/discovery_cache/documents/blogger.v2.json
index d8e070892d9..284590ba837 100644
--- a/googleapiclient/discovery_cache/documents/blogger.v2.json
+++ b/googleapiclient/discovery_cache/documents/blogger.v2.json
@@ -401,7 +401,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://blogger.googleapis.com/",
   "schemas": {
     "Blog": {
diff --git a/googleapiclient/discovery_cache/documents/blogger.v3.json b/googleapiclient/discovery_cache/documents/blogger.v3.json
index 196164cd99b..31121582470 100644
--- a/googleapiclient/discovery_cache/documents/blogger.v3.json
+++ b/googleapiclient/discovery_cache/documents/blogger.v3.json
@@ -1678,7 +1678,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://blogger.googleapis.com/",
   "schemas": {
     "Blog": {
diff --git a/googleapiclient/discovery_cache/documents/books.v1.json b/googleapiclient/discovery_cache/documents/books.v1.json
index 5545f69e2c1..1e19b6d1d33 100644
--- a/googleapiclient/discovery_cache/documents/books.v1.json
+++ b/googleapiclient/discovery_cache/documents/books.v1.json
@@ -2671,7 +2671,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211110",
   "rootUrl": "https://books.googleapis.com/",
   "schemas": {
     "Annotation": {
diff --git a/googleapiclient/discovery_cache/documents/calendar.v3.json b/googleapiclient/discovery_cache/documents/calendar.v3.json
index d04ff700aec..26850fbd9bd 100644
--- a/googleapiclient/discovery_cache/documents/calendar.v3.json
+++ b/googleapiclient/discovery_cache/documents/calendar.v3.json
@@ -1723,7 +1723,7 @@
       }
     }
   },
-  "revision": "20211007",
+  "revision": "20211105",
   "rootUrl": "https://www.googleapis.com/",
   "schemas": {
     "Acl": {
@@ -2380,7 +2380,7 @@
         },
         "eventType": {
           "default": "default",
-          "description": "Specific type of the event. Read-only. Possible values are:  \n- \"default\" - A regular event or not further specified. \n- \"outOfOffice\" - An out-of-office event.",
+          "description": "Specific type of the event. Read-only. Possible values are:  \n- \"default\" - A regular event or not further specified. \n- \"outOfOffice\" - An out-of-office event. \n- \"focusTime\" - A focus-time event.",
           "type": "string"
         },
         "extendedProperties": {
diff --git a/googleapiclient/discovery_cache/documents/chat.v1.json b/googleapiclient/discovery_cache/documents/chat.v1.json
index fcabae8ed19..069f4ee22da 100644
--- a/googleapiclient/discovery_cache/documents/chat.v1.json
+++ b/googleapiclient/discovery_cache/documents/chat.v1.json
@@ -642,7 +642,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://chat.googleapis.com/",
   "schemas": {
     "ActionParameter": {
@@ -1100,7 +1100,7 @@
           "type": "string"
         },
         "eventTime": {
-          "description": "The timestamp indicating when the event was dispatched.",
+          "description": "The timestamp indicating when the event occurred.",
           "format": "google-datetime",
           "type": "string"
         },
diff --git a/googleapiclient/discovery_cache/documents/chromemanagement.v1.json b/googleapiclient/discovery_cache/documents/chromemanagement.v1.json
index 4b34695b566..a1f85cb3e67 100644
--- a/googleapiclient/discovery_cache/documents/chromemanagement.v1.json
+++ b/googleapiclient/discovery_cache/documents/chromemanagement.v1.json
@@ -7,6 +7,9 @@
         },
         "https://www.googleapis.com/auth/chrome.management.reports.readonly": {
           "description": "See reports about devices and Chrome browsers managed within your organization"
+        },
+        "https://www.googleapis.com/auth/chrome.management.telemetry.readonly": {
+          "description": "See basic device and telemetry information collected from Chrome OS devices or users managed within your organization"
         }
       }
     }
@@ -426,11 +429,66 @@
               ]
             }
           }
+        },
+        "telemetry": {
+          "resources": {
+            "devices": {
+              "methods": {
+                "list": {
+                  "description": "List all telemetry devices.",
+                  "flatPath": "v1/customers/{customersId}/telemetry/devices",
+                  "httpMethod": "GET",
+                  "id": "chromemanagement.customers.telemetry.devices.list",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "filter": {
+                      "description": "Optional. Only include resources that match the filter. Supported filter fields: - org_unit_id - serial_number ",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "pageSize": {
+                      "description": "Maximum number of results to return. Maximum and default are 100.",
+                      "format": "int32",
+                      "location": "query",
+                      "type": "integer"
+                    },
+                    "pageToken": {
+                      "description": "Token to specify next page in the list.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "parent": {
+                      "description": "Required. Customer id or \"my_customer\" to use the customer associated to the account making the request.",
+                      "location": "path",
+                      "pattern": "^customers/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "readMask": {
+                      "description": "Required. Read mask to specify which fields to return.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/telemetry/devices",
+                  "response": {
+                    "$ref": "GoogleChromeManagementV1ListTelemetryDevicesResponse"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/chrome.management.telemetry.readonly"
+                  ]
+                }
+              }
+            }
+          }
         }
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://chromemanagement.googleapis.com/",
   "schemas": {
     "GoogleChromeManagementV1AndroidAppInfo": {
@@ -578,6 +636,154 @@
       },
       "type": "object"
     },
+    "GoogleChromeManagementV1BatteryInfo": {
+      "description": "Battery info",
+      "id": "GoogleChromeManagementV1BatteryInfo",
+      "properties": {
+        "designCapacity": {
+          "description": "Output only. Design capacity (mAmpere-hours).",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "designMinVoltage": {
+          "description": "Output only. Designed minimum output voltage (mV)",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "manufactureDate": {
+          "$ref": "GoogleTypeDate",
+          "description": "Output only. The date the battery was manufactured.",
+          "readOnly": true
+        },
+        "manufacturer": {
+          "description": "Output only. Battery manufacturer.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "serialNumber": {
+          "description": "Output only. Battery serial number.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "technology": {
+          "description": "Output only. Technology of the battery. Example: Li-ion",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1BatterySampleReport": {
+      "description": "Sampling data for battery.",
+      "id": "GoogleChromeManagementV1BatterySampleReport",
+      "properties": {
+        "chargeRate": {
+          "description": "Output only. Battery charge percentage.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "current": {
+          "description": "Output only. Battery current (mA).",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "dischargeRate": {
+          "description": "Output only. The battery discharge rate measured in mW. Positive if the battery is being discharged, negative if it's being charged.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "remainingCapacity": {
+          "description": "Output only. Battery remaining capacity (mAmpere-hours).",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "reportTime": {
+          "description": "Output only. Timestamp of when the sample was collected on device",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "status": {
+          "description": "Output only. Battery status read from sysfs. Example: Discharging",
+          "readOnly": true,
+          "type": "string"
+        },
+        "temperature": {
+          "description": "Output only. Temperature in Celsius degrees.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "voltage": {
+          "description": "Output only. Battery voltage (millivolt).",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1BatteryStatusReport": {
+      "description": "Status data for battery.",
+      "id": "GoogleChromeManagementV1BatteryStatusReport",
+      "properties": {
+        "batteryHealth": {
+          "description": "Output only. Battery health.",
+          "enum": [
+            "BATTERY_HEALTH_UNSPECIFIED",
+            "BATTERY_HEALTH_NORMAL",
+            "BATTERY_REPLACE_SOON",
+            "BATTERY_REPLACE_NOW"
+          ],
+          "enumDescriptions": [
+            "Health unknown.",
+            "Battery is healthy.",
+            "Battery is moderately unhealthy and should be replaced soon.",
+            "Battery is unhealthy and should be replaced."
+          ],
+          "readOnly": true,
+          "type": "string"
+        },
+        "cycleCount": {
+          "description": "Output only. Cycle count.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "fullChargeCapacity": {
+          "description": "Output only. Full charge capacity (mAmpere-hours).",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "reportTime": {
+          "description": "Output only. Timestamp of when the sample was collected on device",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "sample": {
+          "description": "Output only. Sampling data for the battery.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1BatterySampleReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "serialNumber": {
+          "description": "Output only. Battery serial number.",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleChromeManagementV1BrowserVersion": {
       "description": "Describes a browser version and its install count.",
       "id": "GoogleChromeManagementV1BrowserVersion",
@@ -841,6 +1047,88 @@
       },
       "type": "object"
     },
+    "GoogleChromeManagementV1CpuInfo": {
+      "description": "CPU specs for a CPU.",
+      "id": "GoogleChromeManagementV1CpuInfo",
+      "properties": {
+        "architecture": {
+          "description": "Output only. The CPU architecture.",
+          "enum": [
+            "ARCHITECTURE_UNSPECIFIED",
+            "X64"
+          ],
+          "enumDescriptions": [
+            "Architecture unknown.",
+            "x64 architecture"
+          ],
+          "readOnly": true,
+          "type": "string"
+        },
+        "maxClockSpeed": {
+          "description": "Output only. The max CPU clock speed in kHz.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "model": {
+          "description": "Output only. The CPU model name. Example: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1CpuStatusReport": {
+      "description": "Contains samples of the cpu status reports.",
+      "id": "GoogleChromeManagementV1CpuStatusReport",
+      "properties": {
+        "cpuTemperatureInfo": {
+          "description": "Output only. CPU temperature sample info per CPU core in Celsius",
+          "items": {
+            "$ref": "GoogleChromeManagementV1CpuTemperatureInfo"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "cpuUtilizationPct": {
+          "description": "Output only. Sample of CPU utilization (0-100 percent).",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "reportTime": {
+          "description": "Output only. The timestamp in milliseconds representing time at which this report was sampled.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "sampleFrequency": {
+          "description": "Output only. Frequency the report is sampled.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1CpuTemperatureInfo": {
+      "description": "CPU temperature of a device. Sampled per CPU core in Celsius",
+      "id": "GoogleChromeManagementV1CpuTemperatureInfo",
+      "properties": {
+        "label": {
+          "description": "Output only. CPU label. Example: Core 0",
+          "readOnly": true,
+          "type": "string"
+        },
+        "temperatureCelsius": {
+          "description": "Output only. CPU temperature in Celsius.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "GoogleChromeManagementV1Device": {
       "description": "Describes a device reporting Chrome browser information.",
       "id": "GoogleChromeManagementV1Device",
@@ -858,6 +1146,124 @@
       },
       "type": "object"
     },
+    "GoogleChromeManagementV1DiskInfo": {
+      "description": "Status of the single storage device.",
+      "id": "GoogleChromeManagementV1DiskInfo",
+      "properties": {
+        "bytesReadThisSession": {
+          "description": "Output only. Number of bytes read since last boot.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "bytesWrittenThisSession": {
+          "description": "Output only. Number of bytes written since last boot.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "discardTimeThisSession": {
+          "description": "Output only. Time spent discarding since last boot. Discarding is writing to clear blocks which are no longer in use. Supported on kernels 4.18+.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        },
+        "health": {
+          "description": "Output only. Disk health.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "ioTimeThisSession": {
+          "description": "Output only. Counts the time the disk and queue were busy, so unlike the fields above, parallel requests are not counted multiple times.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        },
+        "manufacturer": {
+          "description": "Output only. Disk manufacturer.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "model": {
+          "description": "Output only. Disk model.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "readTimeThisSession": {
+          "description": "Output only. Time spent reading from disk since last boot.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        },
+        "serialNumber": {
+          "description": "Output only. Disk serial number.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "sizeBytes": {
+          "description": "Output only. Disk size.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "type": {
+          "description": "Output only. Disk type: eMMC / NVMe / ATA / SCSI.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "volumeIds": {
+          "description": "Output only. Disk volumes.",
+          "items": {
+            "type": "string"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "writeTimeThisSession": {
+          "description": "Output only. Time spent writing to disk since last boot.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1DisplayInfo": {
+      "description": "Information for a display.",
+      "id": "GoogleChromeManagementV1DisplayInfo",
+      "properties": {
+        "deviceId": {
+          "description": "Output only. Represents the graphics card device id.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "isInternal": {
+          "description": "Output only. Indicates if display is internal or not.",
+          "readOnly": true,
+          "type": "boolean"
+        },
+        "refreshRate": {
+          "description": "Output only. Refresh rate in Hz.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "resolutionHeight": {
+          "description": "Output only. Resolution height in pixels.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "resolutionWidth": {
+          "description": "Output only. Resolution width in pixels.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "GoogleChromeManagementV1FindInstalledAppDevicesResponse": {
       "description": "Response containing a list of devices with queried app installed.",
       "id": "GoogleChromeManagementV1FindInstalledAppDevicesResponse",
@@ -881,6 +1287,62 @@
       },
       "type": "object"
     },
+    "GoogleChromeManagementV1GraphicsAdapterInfo": {
+      "description": "Information of a graphics adapter (GPU).",
+      "id": "GoogleChromeManagementV1GraphicsAdapterInfo",
+      "properties": {
+        "adapter": {
+          "description": "Output only. Adapter name. Example: Mesa DRI Intel(R) UHD Graphics 620 (Kabylake GT2).",
+          "readOnly": true,
+          "type": "string"
+        },
+        "deviceId": {
+          "description": "Output only. Represents the graphics card device id.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "driverVersion": {
+          "description": "Output only. Version of the GPU driver.",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1GraphicsInfo": {
+      "description": "Information of the graphics subsystem.",
+      "id": "GoogleChromeManagementV1GraphicsInfo",
+      "properties": {
+        "adapterInfo": {
+          "$ref": "GoogleChromeManagementV1GraphicsAdapterInfo",
+          "description": "Output only. Information about the graphics adapter (GPU).",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1GraphicsStatusReport": {
+      "description": "Information of the graphics subsystem.",
+      "id": "GoogleChromeManagementV1GraphicsStatusReport",
+      "properties": {
+        "displays": {
+          "description": "Output only. Information about the displays for the device.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1DisplayInfo"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "reportTime": {
+          "description": "Output only. Time at which the graphics data was reported.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleChromeManagementV1InstalledApp": {
       "description": "Describes an installed app.",
       "id": "GoogleChromeManagementV1InstalledApp",
@@ -992,6 +1454,345 @@
       },
       "type": "object"
     },
+    "GoogleChromeManagementV1ListTelemetryDevicesResponse": {
+      "id": "GoogleChromeManagementV1ListTelemetryDevicesResponse",
+      "properties": {
+        "devices": {
+          "description": "Telemetry devices returned in the response.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1TelemetryDevice"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "Token to specify next page in the list.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1MemoryInfo": {
+      "description": "Memory information of a device.",
+      "id": "GoogleChromeManagementV1MemoryInfo",
+      "properties": {
+        "availableRamBytes": {
+          "description": "Output only. Amount of available RAM in bytes.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "totalRamBytes": {
+          "description": "Output only. Total RAM in bytes.",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1MemoryStatusReport": {
+      "description": "Contains samples of memory status reports.",
+      "id": "GoogleChromeManagementV1MemoryStatusReport",
+      "properties": {
+        "pageFaults": {
+          "description": "Output only. Number of page faults during this collection",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        },
+        "reportTime": {
+          "description": "Output only. The timestamp in milliseconds representing time at which this report was sampled.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "sampleFrequency": {
+          "description": "Output only. Frequency the report is sampled.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        },
+        "systemRamFreeBytes": {
+          "description": "Output only. Amount of free RAM in bytes (unreliable due to Garbage Collection).",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1NetworkStatusReport": {
+      "description": "State of visible/configured networks.",
+      "id": "GoogleChromeManagementV1NetworkStatusReport",
+      "properties": {
+        "gatewayIpAddress": {
+          "description": "Output only. Gateway IP address.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "lanIpAddress": {
+          "description": "Output only. LAN IP address.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "reportTime": {
+          "description": "Output only. Time at which the network state was reported.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "sampleFrequency": {
+          "description": "Output only. Frequency the report is sampled.",
+          "format": "google-duration",
+          "readOnly": true,
+          "type": "string"
+        },
+        "signalStrengthDbm": {
+          "description": "Output only. Signal strength for wireless networks measured in decibels.",
+          "format": "int32",
+          "readOnly": true,
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1OsUpdateStatus": {
+      "description": "Contains information regarding the current OS update status.",
+      "id": "GoogleChromeManagementV1OsUpdateStatus",
+      "properties": {
+        "lastRebootTime": {
+          "description": "Output only. Timestamp of the last reboot.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "lastUpdateCheckTime": {
+          "description": "Output only. Timestamp of the last update check.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "lastUpdateTime": {
+          "description": "Output only. Timestamp of the last successful update.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "newPlatformVersion": {
+          "description": "Output only. New platform version of the os image being downloaded and applied. It is only set when update status is OS_IMAGE_DOWNLOAD_IN_PROGRESS or OS_UPDATE_NEED_REBOOT. Note this could be a dummy \"0.0.0.0\" for OS_UPDATE_NEED_REBOOT status for some edge cases, e.g. update engine is restarted without a reboot.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "newRequestedPlatformVersion": {
+          "description": "Output only. New requested platform version from the pending updated kiosk app.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "updateState": {
+          "description": "Output only. Current state of the os update.",
+          "enum": [
+            "UPDATE_STATE_UNSPECIFIED",
+            "OS_IMAGE_DOWNLOAD_NOT_STARTED",
+            "OS_IMAGE_DOWNLOAD_IN_PROGRESS",
+            "OS_UPDATE_NEED_REBOOT"
+          ],
+          "enumDescriptions": [
+            "State unspecified.",
+            "OS has not started downloading.",
+            "OS has started download on device.",
+            "Device needs reboot to finish upload."
+          ],
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1StorageInfo": {
+      "description": "Status data for storage.",
+      "id": "GoogleChromeManagementV1StorageInfo",
+      "properties": {
+        "availableDiskBytes": {
+          "description": "The available space for user data storage in the device in bytes.",
+          "format": "int64",
+          "type": "string"
+        },
+        "totalDiskBytes": {
+          "description": "The total space for user data storage in the device in bytes.",
+          "format": "int64",
+          "type": "string"
+        },
+        "volume": {
+          "description": "Information for disk volumes",
+          "items": {
+            "$ref": "GoogleChromeManagementV1StorageInfoDiskVolume"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1StorageInfoDiskVolume": {
+      "description": "Information for disk volumes",
+      "id": "GoogleChromeManagementV1StorageInfoDiskVolume",
+      "properties": {
+        "storageFreeBytes": {
+          "description": "Free storage space in bytes.",
+          "format": "int64",
+          "type": "string"
+        },
+        "storageTotalBytes": {
+          "description": "Total storage space in bytes.",
+          "format": "int64",
+          "type": "string"
+        },
+        "volumeId": {
+          "description": "Disk volume id.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1StorageStatusReport": {
+      "description": "Status data for storage.",
+      "id": "GoogleChromeManagementV1StorageStatusReport",
+      "properties": {
+        "disk": {
+          "description": "Output only. Reports on disk",
+          "items": {
+            "$ref": "GoogleChromeManagementV1DiskInfo"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "reportTime": {
+          "description": "Output only. Timestamp of when the sample was collected on device",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleChromeManagementV1TelemetryDevice": {
+      "description": "Telemetry data collected from a managed device.",
+      "id": "GoogleChromeManagementV1TelemetryDevice",
+      "properties": {
+        "batteryInfo": {
+          "description": "Output only. Information on battery specs for the device.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1BatteryInfo"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "batteryStatusReport": {
+          "description": "Output only. Battery reports collected periodically.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1BatteryStatusReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "cpuInfo": {
+          "description": "Output only. Information regarding CPU specs for the device.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1CpuInfo"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "cpuStatusReport": {
+          "description": "Output only. CPU status reports collected periodically.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1CpuStatusReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "customer": {
+          "description": "Output only. Google Workspace Customer whose enterprise enrolled the device.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "deviceId": {
+          "description": "Output only. The unique Directory API ID of the device. This value is the same as the Admin Console's Directory API ID in the Chrome OS Devices tab",
+          "readOnly": true,
+          "type": "string"
+        },
+        "graphicsInfo": {
+          "$ref": "GoogleChromeManagementV1GraphicsInfo",
+          "description": "Output only. Contains information regarding Graphic peripherals for the device.",
+          "readOnly": true
+        },
+        "graphicsStatusReport": {
+          "description": "Output only. Graphics reports collected periodically.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1GraphicsStatusReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "memoryInfo": {
+          "$ref": "GoogleChromeManagementV1MemoryInfo",
+          "description": "Output only. Information regarding memory specs for the device.",
+          "readOnly": true
+        },
+        "memoryStatusReport": {
+          "description": "Output only. Memory status reports collected periodically.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1MemoryStatusReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "name": {
+          "description": "Output only. Resource name of the device.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "networkStatusReport": {
+          "description": "Output only. Network specs collected periodically.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1NetworkStatusReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "orgUnitId": {
+          "description": "Output only. Organization unit ID of the device.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "osUpdateStatus": {
+          "description": "Output only. Contains relevant information regarding ChromeOS update status.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1OsUpdateStatus"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "serialNumber": {
+          "description": "Output only. Device serial number. This value is the same as the Admin Console's Serial Number in the Chrome OS Devices tab.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "storageInfo": {
+          "$ref": "GoogleChromeManagementV1StorageInfo",
+          "description": "Output only. Information of storage specs for the device.",
+          "readOnly": true
+        },
+        "storageStatusReport": {
+          "description": "Output only. Storage reports collected periodically.",
+          "items": {
+            "$ref": "GoogleChromeManagementV1StorageStatusReport"
+          },
+          "readOnly": true,
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "GoogleRpcStatus": {
       "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
       "id": "GoogleRpcStatus",
@@ -1018,6 +1819,28 @@
         }
       },
       "type": "object"
+    },
+    "GoogleTypeDate": {
+      "description": "Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values * A month and day value, with a zero year, such as an anniversary * A year on its own, with zero month and day values * A year and month value, with a zero day, such as a credit card expiration date Related types are google.type.TimeOfDay and `google.protobuf.Timestamp`.",
+      "id": "GoogleTypeDate",
+      "properties": {
+        "day": {
+          "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "month": {
+          "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "year": {
+          "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
     }
   },
   "servicePath": "",
diff --git a/googleapiclient/discovery_cache/documents/chromepolicy.v1.json b/googleapiclient/discovery_cache/documents/chromepolicy.v1.json
index 4c847a5cb7b..a5c20894bb0 100644
--- a/googleapiclient/discovery_cache/documents/chromepolicy.v1.json
+++ b/googleapiclient/discovery_cache/documents/chromepolicy.v1.json
@@ -324,7 +324,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://chromepolicy.googleapis.com/",
   "schemas": {
     "ChromeCrosDpanelAutosettingsProtoPolicyApiLifecycle": {
diff --git a/googleapiclient/discovery_cache/documents/chromeuxreport.v1.json b/googleapiclient/discovery_cache/documents/chromeuxreport.v1.json
index 0cb47d1b0aa..59c56525f64 100644
--- a/googleapiclient/discovery_cache/documents/chromeuxreport.v1.json
+++ b/googleapiclient/discovery_cache/documents/chromeuxreport.v1.json
@@ -116,7 +116,7 @@
       }
     }
   },
-  "revision": "20211104",
+  "revision": "20211111",
   "rootUrl": "https://chromeuxreport.googleapis.com/",
   "schemas": {
     "Bin": {
diff --git a/googleapiclient/discovery_cache/documents/classroom.v1.json b/googleapiclient/discovery_cache/documents/classroom.v1.json
index 42b51d2e7dc..0263a8815bf 100644
--- a/googleapiclient/discovery_cache/documents/classroom.v1.json
+++ b/googleapiclient/discovery_cache/documents/classroom.v1.json
@@ -2400,7 +2400,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211110",
   "rootUrl": "https://classroom.googleapis.com/",
   "schemas": {
     "Announcement": {
diff --git a/googleapiclient/discovery_cache/documents/cloudasset.v1.json b/googleapiclient/discovery_cache/documents/cloudasset.v1.json
index f946d724e9c..75c4b2e3f29 100644
--- a/googleapiclient/discovery_cache/documents/cloudasset.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudasset.v1.json
@@ -350,6 +350,168 @@
         }
       }
     },
+    "savedQueries": {
+      "methods": {
+        "create": {
+          "description": "Creates a saved query in a parent project/folder/organization.",
+          "flatPath": "v1/{v1Id}/{v1Id1}/savedQueries",
+          "httpMethod": "POST",
+          "id": "cloudasset.savedQueries.create",
+          "parameterOrder": [
+            "parent"
+          ],
+          "parameters": {
+            "parent": {
+              "description": "Required. The name of the project/folder/organization where this saved_query should be created in. It can only be an organization number (such as \"organizations/123\"), a folder number (such as \"folders/123\"), a project ID (such as \"projects/my-project-id\")\", or a project number (such as \"projects/12345\").",
+              "location": "path",
+              "pattern": "^[^/]+/[^/]+$",
+              "required": true,
+              "type": "string"
+            },
+            "savedQueryId": {
+              "description": "Required. The ID to use for the saved query, which must be unique in the specified parent. It will become the final component of the saved query's resource name. This value should be 4-63 characters, and valid characters are /a-z-/. Notice that this field is required in the saved query creation, and the `name` field of the `saved_query` will be ignored.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "v1/{+parent}/savedQueries",
+          "request": {
+            "$ref": "SavedQuery"
+          },
+          "response": {
+            "$ref": "SavedQuery"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "delete": {
+          "description": "Deletes a saved query.",
+          "flatPath": "v1/{v1Id}/{v1Id1}/savedQueries/{savedQueriesId}",
+          "httpMethod": "DELETE",
+          "id": "cloudasset.savedQueries.delete",
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. The name of the saved query to delete. It must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id",
+              "location": "path",
+              "pattern": "^[^/]+/[^/]+/savedQueries/[^/]+$",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "v1/{+name}",
+          "response": {
+            "$ref": "Empty"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "get": {
+          "description": "Gets details about a saved query.",
+          "flatPath": "v1/{v1Id}/{v1Id1}/savedQueries/{savedQueriesId}",
+          "httpMethod": "GET",
+          "id": "cloudasset.savedQueries.get",
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. The name of the saved query and it must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id",
+              "location": "path",
+              "pattern": "^[^/]+/[^/]+/savedQueries/[^/]+$",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "v1/{+name}",
+          "response": {
+            "$ref": "SavedQuery"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "list": {
+          "description": "Lists all saved queries in a parent project/folder/organization.",
+          "flatPath": "v1/{v1Id}/{v1Id1}/savedQueries",
+          "httpMethod": "GET",
+          "id": "cloudasset.savedQueries.list",
+          "parameterOrder": [
+            "parent"
+          ],
+          "parameters": {
+            "filter": {
+              "description": "Optional. The expression to filter resources. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. When `AND` and `OR` are both used in the expression, parentheses must be appropriately used to group the combinations. The expression may also contain regular expressions. See https://google.aip.dev/160 for more information on the grammar.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Optional. The maximum number of saved queries to return per page. The service may return fewer than this value. If unspecified, at most 50 will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "Optional. A page token, received from a previous `ListSavedQueries` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListSavedQueries` must match the call that provided the page token.",
+              "location": "query",
+              "type": "string"
+            },
+            "parent": {
+              "description": "Required. The parent project/folder/organization whose savedQueries are to be listed. It can only be using project/folder/organization number (such as \"folders/12345\")\", or a project ID (such as \"projects/my-project-id\").",
+              "location": "path",
+              "pattern": "^[^/]+/[^/]+$",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "v1/{+parent}/savedQueries",
+          "response": {
+            "$ref": "ListSavedQueriesResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "patch": {
+          "description": "Updates a saved query.",
+          "flatPath": "v1/{v1Id}/{v1Id1}/savedQueries/{savedQueriesId}",
+          "httpMethod": "PATCH",
+          "id": "cloudasset.savedQueries.patch",
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id",
+              "location": "path",
+              "pattern": "^[^/]+/[^/]+/savedQueries/[^/]+$",
+              "required": true,
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "Required. The list of fields to update.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "v1/{+name}",
+          "request": {
+            "$ref": "SavedQuery"
+          },
+          "response": {
+            "$ref": "SavedQuery"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        }
+      }
+    },
     "v1": {
       "methods": {
         "analyzeIamPolicy": {
@@ -425,6 +587,11 @@
               "location": "query",
               "type": "string"
             },
+            "savedAnalysisQuery": {
+              "description": "Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) page. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.",
+              "location": "query",
+              "type": "string"
+            },
             "scope": {
               "description": "Required. The relative name of the root asset. Only resources and IAM policies within the scope will be analyzed. This can only be an organization number (such as \"organizations/123\"), a folder number (such as \"folders/123\"), a project ID (such as \"projects/my-project-id\"), or a project number (such as \"projects/12345\"). To know how to get organization id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id). To know how to get folder or project id, visit [here ](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).",
               "location": "path",
@@ -727,7 +894,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudasset.googleapis.com/",
   "schemas": {
     "AccessSelector": {
@@ -775,6 +942,10 @@
         "outputConfig": {
           "$ref": "IamPolicyAnalysisOutputConfig",
           "description": "Required. Output configuration indicating where the results will be output to."
+        },
+        "savedAnalysisQuery": {
+          "description": "Optional. The name of a saved query, which must be in the format of: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id If both `analysis_query` and `saved_analysis_query` are provided, they will be merged together with the `saved_analysis_query` as base and the `analysis_query` as overrides. For more details of the merge behavior, please refer to the [MergeFrom](https://developers.google.com/protocol-buffers/docs/reference/cpp/google.protobuf.message#Message.MergeFrom.details) doc. Note that you cannot override primitive fields with default value, such as 0 or empty string, etc., because we use proto3, which doesn't support field presence yet.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -2536,6 +2707,24 @@
       },
       "type": "object"
     },
+    "ListSavedQueriesResponse": {
+      "description": "Response of listing saved queries.",
+      "id": "ListSavedQueriesResponse",
+      "properties": {
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        },
+        "savedQueries": {
+          "description": "A list of savedQueries.",
+          "items": {
+            "$ref": "SavedQuery"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "MoveAnalysis": {
       "description": "A message to group the analysis information.",
       "id": "MoveAnalysis",
@@ -2784,6 +2973,17 @@
       },
       "type": "object"
     },
+    "QueryContent": {
+      "description": "The query content.",
+      "id": "QueryContent",
+      "properties": {
+        "iamPolicyAnalysisQuery": {
+          "$ref": "IamPolicyAnalysisQuery",
+          "description": "An IAM Policy Analysis query, which could be used in the AssetService.AnalyzeIamPolicy rpc or the AssetService.AnalyzeIamPolicyLongrunning rpc."
+        }
+      },
+      "type": "object"
+    },
     "RelatedAsset": {
       "description": "An asset identifier in Google Cloud which contains its name, type and ancestors. An asset can be any resource in the Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), a resource outside the Google Cloud resource hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information.",
       "id": "RelatedAsset",
@@ -3037,6 +3237,54 @@
       },
       "type": "object"
     },
+    "SavedQuery": {
+      "description": "A saved query which can be shared with others or used later.",
+      "id": "SavedQuery",
+      "properties": {
+        "content": {
+          "$ref": "QueryContent",
+          "description": "The query content."
+        },
+        "createTime": {
+          "description": "Output only. The create time of this saved query.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "creator": {
+          "description": "Output only. The account's email address who has created this saved query.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "description": {
+          "description": "The description of this saved query. This value should be fewer than 255 characters.",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Labels applied on the resource. This value should not contain more than 10 entries. The key and value of each entry must be non-empty and fewer than 64 characters.",
+          "type": "object"
+        },
+        "lastUpdateTime": {
+          "description": "Output only. The last update time of this saved query.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "lastUpdater": {
+          "description": "Output only. The account's email address who has updated this saved query most recently.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "name": {
+          "description": "The resource name of the saved query. The format must be: * projects/project_number/savedQueries/saved_query_id * folders/folder_number/savedQueries/saved_query_id * organizations/organization_number/savedQueries/saved_query_id",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "SearchAllIamPoliciesResponse": {
       "description": "Search all IAM policies response.",
       "id": "SearchAllIamPoliciesResponse",
diff --git a/googleapiclient/discovery_cache/documents/cloudasset.v1beta1.json b/googleapiclient/discovery_cache/documents/cloudasset.v1beta1.json
index 88e65c9093f..b392f6e156b 100644
--- a/googleapiclient/discovery_cache/documents/cloudasset.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudasset.v1beta1.json
@@ -411,7 +411,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudasset.googleapis.com/",
   "schemas": {
     "AnalyzeIamPolicyLongrunningMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/cloudasset.v1p1beta1.json b/googleapiclient/discovery_cache/documents/cloudasset.v1p1beta1.json
index e64a9ae76a5..5ebedc73d3e 100644
--- a/googleapiclient/discovery_cache/documents/cloudasset.v1p1beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudasset.v1p1beta1.json
@@ -207,7 +207,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudasset.googleapis.com/",
   "schemas": {
     "AnalyzeIamPolicyLongrunningMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/cloudasset.v1p4beta1.json b/googleapiclient/discovery_cache/documents/cloudasset.v1p4beta1.json
index cb1f75f22bd..523b2abee7b 100644
--- a/googleapiclient/discovery_cache/documents/cloudasset.v1p4beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudasset.v1p4beta1.json
@@ -221,7 +221,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudasset.googleapis.com/",
   "schemas": {
     "AccessSelector": {
diff --git a/googleapiclient/discovery_cache/documents/cloudasset.v1p5beta1.json b/googleapiclient/discovery_cache/documents/cloudasset.v1p5beta1.json
index 31e4b5bd71f..d5c5ca59996 100644
--- a/googleapiclient/discovery_cache/documents/cloudasset.v1p5beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudasset.v1p5beta1.json
@@ -177,7 +177,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudasset.googleapis.com/",
   "schemas": {
     "AnalyzeIamPolicyLongrunningMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/cloudasset.v1p7beta1.json b/googleapiclient/discovery_cache/documents/cloudasset.v1p7beta1.json
index 29cd86132f5..223222ba4ea 100644
--- a/googleapiclient/discovery_cache/documents/cloudasset.v1p7beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudasset.v1p7beta1.json
@@ -167,7 +167,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudasset.googleapis.com/",
   "schemas": {
     "AnalyzeIamPolicyLongrunningMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/cloudbilling.v1.json b/googleapiclient/discovery_cache/documents/cloudbilling.v1.json
index 2f0816d278a..a7f831bbaa1 100644
--- a/googleapiclient/discovery_cache/documents/cloudbilling.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudbilling.v1.json
@@ -521,7 +521,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://cloudbilling.googleapis.com/",
   "schemas": {
     "AggregationInfo": {
diff --git a/googleapiclient/discovery_cache/documents/cloudchannel.v1.json b/googleapiclient/discovery_cache/documents/cloudchannel.v1.json
index e75e320e552..bbb6cc845a9 100644
--- a/googleapiclient/discovery_cache/documents/cloudchannel.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudchannel.v1.json
@@ -1589,7 +1589,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://cloudchannel.googleapis.com/",
   "schemas": {
     "GoogleCloudChannelV1ActivateEntitlementRequest": {
diff --git a/googleapiclient/discovery_cache/documents/clouddebugger.v2.json b/googleapiclient/discovery_cache/documents/clouddebugger.v2.json
index e86bc11490f..bab28ae0601 100644
--- a/googleapiclient/discovery_cache/documents/clouddebugger.v2.json
+++ b/googleapiclient/discovery_cache/documents/clouddebugger.v2.json
@@ -448,7 +448,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://clouddebugger.googleapis.com/",
   "schemas": {
     "AliasContext": {
diff --git a/googleapiclient/discovery_cache/documents/cloudfunctions.v1.json b/googleapiclient/discovery_cache/documents/cloudfunctions.v1.json
index ed83caa8f04..20a61c0cca8 100644
--- a/googleapiclient/discovery_cache/documents/cloudfunctions.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudfunctions.v1.json
@@ -392,7 +392,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -546,7 +546,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211108",
   "rootUrl": "https://cloudfunctions.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -683,6 +683,10 @@
           "description": "User-provided description of a function.",
           "type": "string"
         },
+        "dockerRepository": {
+          "description": "User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. If unspecified and the deployment is eligible to use Artifact Registry, GCF will create and use a repository named 'gcf-artifacts' for every deployed region. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`. Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'.",
+          "type": "string"
+        },
         "entryPoint": {
           "description": "The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named \"function\". For Node.js this is name of a function exported by the module specified in `source_location`.",
           "type": "string"
@@ -718,6 +722,10 @@
           ],
           "type": "string"
         },
+        "kmsKeyName": {
+          "description": "Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. If specified, you must also provide an artifact registry repository using the `docker_repository` field that was created with the same KMS crypto key. The following service accounts need to be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). 1. Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) - Required to protect the function's image. 2. Google Storage service account (service-{project_number}@gs-project-accounts.iam.gserviceaccount.com) - Required to protect the function's source code. If this service account does not exist, deploying a function without a KMS key or retrieving the service agent name provisions it. For more information, see https://cloud.google.com/storage/docs/projects#service-agents and https://cloud.google.com/storage/docs/getting-service-agent#gsutil. Google Cloud Functions delegates access to service agents to protect function resources in internal projects that are not accessible by the end user.",
+          "type": "string"
+        },
         "labels": {
           "additionalProperties": {
             "type": "string"
diff --git a/googleapiclient/discovery_cache/documents/cloudidentity.v1.json b/googleapiclient/discovery_cache/documents/cloudidentity.v1.json
index 5bd9c74b8fd..6cc91529f43 100644
--- a/googleapiclient/discovery_cache/documents/cloudidentity.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudidentity.v1.json
@@ -1273,7 +1273,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211108",
   "rootUrl": "https://cloudidentity.googleapis.com/",
   "schemas": {
     "CheckTransitiveMembershipResponse": {
diff --git a/googleapiclient/discovery_cache/documents/cloudidentity.v1beta1.json b/googleapiclient/discovery_cache/documents/cloudidentity.v1beta1.json
index 2b95477e6f9..3bcecaf9ede 100644
--- a/googleapiclient/discovery_cache/documents/cloudidentity.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudidentity.v1beta1.json
@@ -1404,7 +1404,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211108",
   "rootUrl": "https://cloudidentity.googleapis.com/",
   "schemas": {
     "AndroidAttributes": {
diff --git a/googleapiclient/discovery_cache/documents/cloudiot.v1.json b/googleapiclient/discovery_cache/documents/cloudiot.v1.json
index 94d9c0b85ca..8fd04e9255e 100644
--- a/googleapiclient/discovery_cache/documents/cloudiot.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudiot.v1.json
@@ -938,7 +938,7 @@
       }
     }
   },
-  "revision": "20211018",
+  "revision": "20211102",
   "rootUrl": "https://cloudiot.googleapis.com/",
   "schemas": {
     "BindDeviceToGatewayRequest": {
diff --git a/googleapiclient/discovery_cache/documents/cloudkms.v1.json b/googleapiclient/discovery_cache/documents/cloudkms.v1.json
index c26cb34edc3..7d9ad21a2cf 100644
--- a/googleapiclient/discovery_cache/documents/cloudkms.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudkms.v1.json
@@ -283,7 +283,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -547,7 +547,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -1210,7 +1210,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -1346,7 +1346,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://cloudkms.googleapis.com/",
   "schemas": {
     "AsymmetricDecryptRequest": {
diff --git a/googleapiclient/discovery_cache/documents/cloudprofiler.v2.json b/googleapiclient/discovery_cache/documents/cloudprofiler.v2.json
index ee8311dfc86..042034f18a9 100644
--- a/googleapiclient/discovery_cache/documents/cloudprofiler.v2.json
+++ b/googleapiclient/discovery_cache/documents/cloudprofiler.v2.json
@@ -216,7 +216,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://cloudprofiler.googleapis.com/",
   "schemas": {
     "CreateProfileRequest": {
diff --git a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1.json b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1.json
index 688b8011c99..b48929c6d90 100644
--- a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1.json
@@ -1171,7 +1171,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211107",
   "rootUrl": "https://cloudresourcemanager.googleapis.com/",
   "schemas": {
     "Ancestor": {
@@ -1460,7 +1460,7 @@
       "type": "object"
     },
     "DeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
       "id": "DeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
@@ -1644,7 +1644,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -2246,7 +2246,7 @@
       "type": "object"
     },
     "UndeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
       "id": "UndeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1beta1.json b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1beta1.json
index 4b08d961ec6..d4248f9cbb2 100644
--- a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v1beta1.json
@@ -566,7 +566,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211107",
   "rootUrl": "https://cloudresourcemanager.googleapis.com/",
   "schemas": {
     "Ancestor": {
@@ -776,7 +776,7 @@
       "type": "object"
     },
     "DeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
       "id": "DeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
@@ -938,7 +938,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -1228,7 +1228,7 @@
       "type": "object"
     },
     "UndeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
       "id": "UndeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2.json b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2.json
index 28b037d435e..e8d3756573b 100644
--- a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2.json
+++ b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2.json
@@ -450,7 +450,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211107",
   "rootUrl": "https://cloudresourcemanager.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -649,7 +649,7 @@
       "type": "object"
     },
     "DeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
       "id": "DeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
@@ -826,7 +826,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -1095,7 +1095,7 @@
       "type": "object"
     },
     "UndeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
       "id": "UndeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2beta1.json b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2beta1.json
index c07f9f9da93..fc12809b145 100644
--- a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v2beta1.json
@@ -450,7 +450,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211107",
   "rootUrl": "https://cloudresourcemanager.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -649,7 +649,7 @@
       "type": "object"
     },
     "DeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
       "id": "DeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
@@ -826,7 +826,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -1095,7 +1095,7 @@
       "type": "object"
     },
     "UndeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
       "id": "UndeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v3.json b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v3.json
index b39ab2cf56b..4b918da23d9 100644
--- a/googleapiclient/discovery_cache/documents/cloudresourcemanager.v3.json
+++ b/googleapiclient/discovery_cache/documents/cloudresourcemanager.v3.json
@@ -1612,7 +1612,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211107",
   "rootUrl": "https://cloudresourcemanager.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -1811,7 +1811,7 @@
       "type": "object"
     },
     "DeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the operation returned by DeleteOrganization.",
       "id": "DeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
@@ -2011,7 +2011,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -2668,7 +2668,7 @@
       "type": "object"
     },
     "UndeleteOrganizationMetadata": {
-      "description": "LINT.IfChange A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
+      "description": "A status object which is used as the `metadata` field for the Operation returned by UndeleteOrganization.",
       "id": "UndeleteOrganizationMetadata",
       "properties": {},
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/cloudscheduler.v1.json b/googleapiclient/discovery_cache/documents/cloudscheduler.v1.json
index 7535fc300c5..f6290e5f023 100644
--- a/googleapiclient/discovery_cache/documents/cloudscheduler.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudscheduler.v1.json
@@ -418,7 +418,7 @@
       }
     }
   },
-  "revision": "20211015",
+  "revision": "20211106",
   "rootUrl": "https://cloudscheduler.googleapis.com/",
   "schemas": {
     "AppEngineHttpTarget": {
diff --git a/googleapiclient/discovery_cache/documents/cloudscheduler.v1beta1.json b/googleapiclient/discovery_cache/documents/cloudscheduler.v1beta1.json
index 853341ca05f..3fb11fc72b5 100644
--- a/googleapiclient/discovery_cache/documents/cloudscheduler.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudscheduler.v1beta1.json
@@ -433,7 +433,7 @@
       }
     }
   },
-  "revision": "20211015",
+  "revision": "20211106",
   "rootUrl": "https://cloudscheduler.googleapis.com/",
   "schemas": {
     "AppEngineHttpTarget": {
diff --git a/googleapiclient/discovery_cache/documents/cloudsearch.v1.json b/googleapiclient/discovery_cache/documents/cloudsearch.v1.json
index 1ec6ad04ceb..5eb7ac6fca8 100644
--- a/googleapiclient/discovery_cache/documents/cloudsearch.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudsearch.v1.json
@@ -1940,7 +1940,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211102",
   "rootUrl": "https://cloudsearch.googleapis.com/",
   "schemas": {
     "AuditLoggingSettings": {
diff --git a/googleapiclient/discovery_cache/documents/cloudshell.v1.json b/googleapiclient/discovery_cache/documents/cloudshell.v1.json
index a27428088a4..f383b9846fd 100644
--- a/googleapiclient/discovery_cache/documents/cloudshell.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudshell.v1.json
@@ -374,7 +374,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211108",
   "rootUrl": "https://cloudshell.googleapis.com/",
   "schemas": {
     "AddPublicKeyMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/cloudsupport.v2beta.json b/googleapiclient/discovery_cache/documents/cloudsupport.v2beta.json
index 98a49bd9787..0aadb033059 100644
--- a/googleapiclient/discovery_cache/documents/cloudsupport.v2beta.json
+++ b/googleapiclient/discovery_cache/documents/cloudsupport.v2beta.json
@@ -580,7 +580,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://cloudsupport.googleapis.com/",
   "schemas": {
     "Actor": {
diff --git a/googleapiclient/discovery_cache/documents/cloudtasks.v2.json b/googleapiclient/discovery_cache/documents/cloudtasks.v2.json
index 52d8d1762f8..c0e5feaa3bb 100644
--- a/googleapiclient/discovery_cache/documents/cloudtasks.v2.json
+++ b/googleapiclient/discovery_cache/documents/cloudtasks.v2.json
@@ -685,7 +685,7 @@
       }
     }
   },
-  "revision": "20211015",
+  "revision": "20211103",
   "rootUrl": "https://cloudtasks.googleapis.com/",
   "schemas": {
     "AppEngineHttpRequest": {
diff --git a/googleapiclient/discovery_cache/documents/cloudtasks.v2beta2.json b/googleapiclient/discovery_cache/documents/cloudtasks.v2beta2.json
index 79aa6a52f20..4bcf3044a66 100644
--- a/googleapiclient/discovery_cache/documents/cloudtasks.v2beta2.json
+++ b/googleapiclient/discovery_cache/documents/cloudtasks.v2beta2.json
@@ -809,7 +809,7 @@
       }
     }
   },
-  "revision": "20211015",
+  "revision": "20211103",
   "rootUrl": "https://cloudtasks.googleapis.com/",
   "schemas": {
     "AcknowledgeTaskRequest": {
diff --git a/googleapiclient/discovery_cache/documents/cloudtasks.v2beta3.json b/googleapiclient/discovery_cache/documents/cloudtasks.v2beta3.json
index a78205de6be..f73f1e51471 100644
--- a/googleapiclient/discovery_cache/documents/cloudtasks.v2beta3.json
+++ b/googleapiclient/discovery_cache/documents/cloudtasks.v2beta3.json
@@ -697,7 +697,7 @@
       }
     }
   },
-  "revision": "20211015",
+  "revision": "20211103",
   "rootUrl": "https://cloudtasks.googleapis.com/",
   "schemas": {
     "AppEngineHttpQueue": {
diff --git a/googleapiclient/discovery_cache/documents/cloudtrace.v1.json b/googleapiclient/discovery_cache/documents/cloudtrace.v1.json
index 9b3ebc23e54..4b5e6c0f512 100644
--- a/googleapiclient/discovery_cache/documents/cloudtrace.v1.json
+++ b/googleapiclient/discovery_cache/documents/cloudtrace.v1.json
@@ -257,7 +257,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://cloudtrace.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/cloudtrace.v2.json b/googleapiclient/discovery_cache/documents/cloudtrace.v2.json
index 62724467617..62b8eae5d52 100644
--- a/googleapiclient/discovery_cache/documents/cloudtrace.v2.json
+++ b/googleapiclient/discovery_cache/documents/cloudtrace.v2.json
@@ -181,7 +181,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://cloudtrace.googleapis.com/",
   "schemas": {
     "Annotation": {
diff --git a/googleapiclient/discovery_cache/documents/cloudtrace.v2beta1.json b/googleapiclient/discovery_cache/documents/cloudtrace.v2beta1.json
index 6846b627681..b6973ffc855 100644
--- a/googleapiclient/discovery_cache/documents/cloudtrace.v2beta1.json
+++ b/googleapiclient/discovery_cache/documents/cloudtrace.v2beta1.json
@@ -273,7 +273,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://cloudtrace.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/connectors.v1.json b/googleapiclient/discovery_cache/documents/connectors.v1.json
index 6309f8e886d..1a9f7595d92 100644
--- a/googleapiclient/discovery_cache/documents/connectors.v1.json
+++ b/googleapiclient/discovery_cache/documents/connectors.v1.json
@@ -337,7 +337,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -523,7 +523,7 @@
                       ],
                       "parameters": {
                         "filter": {
-                          "description": "Filter",
+                          "description": "Required. Filter Format: action=\"{actionId}\" Only action field is supported with literal equality operator. Accepted filter example: action=\"CancelOrder\" Wildcards are not supported in the filter currently.",
                           "location": "query",
                           "type": "string"
                         },
@@ -568,7 +568,7 @@
                       ],
                       "parameters": {
                         "filter": {
-                          "description": "Filter",
+                          "description": "Required. Filter Format: entity=\"{entityId}\" Only entity field is supported with literal equality operator. Accepted filter example: entity=\"Order\" Wildcards are not supported in the filter currently.",
                           "location": "query",
                           "type": "string"
                         },
@@ -971,7 +971,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -1055,7 +1055,7 @@
       }
     }
   },
-  "revision": "20211003",
+  "revision": "20211106",
   "rootUrl": "https://connectors.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -1179,22 +1179,22 @@
       "type": "object"
     },
     "Binding": {
-      "description": "Associates `members` with a `role`.",
+      "description": "Associates `members`, or principals, with a `role`.",
       "id": "Binding",
       "properties": {
         "condition": {
           "$ref": "Expr",
-          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
+          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "role": {
-          "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
           "type": "string"
         }
       },
@@ -2269,7 +2269,7 @@
       "type": "object"
     },
     "Policy": {
-      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
       "id": "Policy",
       "properties": {
         "auditConfigs": {
@@ -2280,7 +2280,7 @@
           "type": "array"
         },
         "bindings": {
-          "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.",
+          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
           "items": {
             "$ref": "Binding"
           },
diff --git a/googleapiclient/discovery_cache/documents/contactcenterinsights.v1.json b/googleapiclient/discovery_cache/documents/contactcenterinsights.v1.json
index 69df146210d..a90f52816db 100644
--- a/googleapiclient/discovery_cache/documents/contactcenterinsights.v1.json
+++ b/googleapiclient/discovery_cache/documents/contactcenterinsights.v1.json
@@ -212,7 +212,7 @@
                   ],
                   "parameters": {
                     "conversationId": {
-                      "description": "A unique ID for the new conversation. This ID will become the final component of the conversation's resource name. If no ID is specified, a server-generated ID will be used. This value should be 4-32 characters and must match the regular expression /^[a-z0-9-]{4,32}$/. Valid characters are /a-z-/",
+                      "description": "A unique ID for the new conversation. This ID will become the final component of the conversation's resource name. If no ID is specified, a server-generated ID will be used. This value should be 4-64 characters and must match the regular expression /^[a-z0-9-]{4,64}$/. Valid characters are /a-z-/",
                       "location": "query",
                       "type": "string"
                     },
@@ -1123,7 +1123,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://contactcenterinsights.googleapis.com/",
   "schemas": {
     "GoogleCloudContactcenterinsightsV1Analysis": {
@@ -1349,6 +1349,13 @@
           "description": "A map associating each issue resource name with its respective number of matches in the set of conversations. Key has the format: `projects//locations//issueModels//issues/` Deprecated, use `issue_matches_stats` field instead.",
           "type": "object"
         },
+        "issueMatchesStats": {
+          "additionalProperties": {
+            "$ref": "GoogleCloudContactcenterinsightsV1IssueModelLabelStatsIssueStats"
+          },
+          "description": "A map associating each issue resource name with its respective number of matches in the set of conversations. Key has the format: `projects//locations//issueModels//issues/`",
+          "type": "object"
+        },
         "smartHighlighterMatches": {
           "additionalProperties": {
             "format": "int32",
@@ -2355,6 +2362,10 @@
       "description": "Aggregated statistics about an issue.",
       "id": "GoogleCloudContactcenterinsightsV1IssueModelLabelStatsIssueStats",
       "properties": {
+        "displayName": {
+          "description": "Display name of the issue.",
+          "type": "string"
+        },
         "issue": {
           "description": "Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}",
           "type": "string"
@@ -3175,6 +3186,10 @@
       "description": "Aggregated statistics about an issue.",
       "id": "GoogleCloudContactcenterinsightsV1alpha1IssueModelLabelStatsIssueStats",
       "properties": {
+        "displayName": {
+          "description": "Display name of the issue.",
+          "type": "string"
+        },
         "issue": {
           "description": "Issue resource. Format: projects/{project}/locations/{location}/issueModels/{issue_model}/issues/{issue}",
           "type": "string"
diff --git a/googleapiclient/discovery_cache/documents/container.v1.json b/googleapiclient/discovery_cache/documents/container.v1.json
index 1d8435e4332..a7caa5972b6 100644
--- a/googleapiclient/discovery_cache/documents/container.v1.json
+++ b/googleapiclient/discovery_cache/documents/container.v1.json
@@ -2459,7 +2459,7 @@
       }
     }
   },
-  "revision": "20211016",
+  "revision": "20211103",
   "rootUrl": "https://container.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
diff --git a/googleapiclient/discovery_cache/documents/container.v1beta1.json b/googleapiclient/discovery_cache/documents/container.v1beta1.json
index 649830d4419..508a296e657 100644
--- a/googleapiclient/discovery_cache/documents/container.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/container.v1beta1.json
@@ -2484,7 +2484,7 @@
       }
     }
   },
-  "revision": "20211016",
+  "revision": "20211103",
   "rootUrl": "https://container.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
diff --git a/googleapiclient/discovery_cache/documents/containeranalysis.v1.json b/googleapiclient/discovery_cache/documents/containeranalysis.v1.json
index 1f8abe3d405..9704feb4eb0 100644
--- a/googleapiclient/discovery_cache/documents/containeranalysis.v1.json
+++ b/googleapiclient/discovery_cache/documents/containeranalysis.v1.json
@@ -878,7 +878,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211105",
   "rootUrl": "https://containeranalysis.googleapis.com/",
   "schemas": {
     "AliasContext": {
@@ -1062,11 +1062,15 @@
       "properties": {
         "intotoProvenance": {
           "$ref": "InTotoProvenance",
-          "description": "In-toto Provenance representation as defined in spec."
+          "description": "Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec."
+        },
+        "intotoStatement": {
+          "$ref": "InTotoStatement",
+          "description": "In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope."
         },
         "provenance": {
           "$ref": "BuildProvenance",
-          "description": "Required. The actual provenance for the build."
+          "description": "The actual provenance for the build."
         },
         "provenanceBytes": {
           "description": "Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.",
@@ -1146,112 +1150,6 @@
       },
       "type": "object"
     },
-    "BuildStep": {
-      "description": "A step in the build pipeline.",
-      "id": "BuildStep",
-      "properties": {
-        "args": {
-          "description": "A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the `args` are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "dir": {
-          "description": "Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a `volume` for that path is specified. If the build specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies an absolute path, the `RepoSource` `dir` is ignored for the step's execution.",
-          "type": "string"
-        },
-        "entrypoint": {
-          "description": "Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used.",
-          "type": "string"
-        },
-        "env": {
-          "description": "A list of environment variable definitions to be used when running a step. The elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "Unique identifier for this build step, used in `wait_for` to reference this build step as a dependency.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Required. The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://github.com/GoogleCloudPlatform/cloud-builders)). The Docker daemon will also have cached many of the layers for some popular images, like \"ubuntu\", \"debian\", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step.",
-          "type": "string"
-        },
-        "pullTiming": {
-          "$ref": "TimeSpan",
-          "description": "Output only. Stores timing information for pulling this build step's builder image only.",
-          "readOnly": true
-        },
-        "script": {
-          "description": "A shell script to be executed in the step. When script is provided, the user cannot specify the entrypoint or args.",
-          "type": "string"
-        },
-        "secretEnv": {
-          "description": "A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "status": {
-          "description": "Output only. Status of the build step. At this time, build step status is only updated on build completion; step status is not updated in real-time as the build progresses.",
-          "enum": [
-            "STATUS_UNKNOWN",
-            "PENDING",
-            "QUEUED",
-            "WORKING",
-            "SUCCESS",
-            "FAILURE",
-            "INTERNAL_ERROR",
-            "TIMEOUT",
-            "CANCELLED",
-            "EXPIRED"
-          ],
-          "enumDescriptions": [
-            "Status of the build is unknown.",
-            "Build has been created and is pending execution and queuing. It has not been queued.",
-            "Build or step is queued; work has not yet begun.",
-            "Build or step is being executed.",
-            "Build or step finished successfully.",
-            "Build or step failed to complete successfully.",
-            "Build or step failed due to an internal cause.",
-            "Build or step took longer than was allowed.",
-            "Build or step was canceled by a user.",
-            "Build was enqueued for longer than the value of `queue_ttl`."
-          ],
-          "readOnly": true,
-          "type": "string"
-        },
-        "timeout": {
-          "description": "Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out.",
-          "format": "google-duration",
-          "type": "string"
-        },
-        "timing": {
-          "$ref": "TimeSpan",
-          "description": "Output only. Stores timing information for executing this build step.",
-          "readOnly": true
-        },
-        "volumes": {
-          "description": "List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.",
-          "items": {
-            "$ref": "Volume"
-          },
-          "type": "array"
-        },
-        "waitFor": {
-          "description": "The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in `wait_for` have completed successfully. If `wait_for` is empty, this build step will start when all previous build steps in the `Build.Steps` list have completed successfully.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
     "BuilderConfig": {
       "id": "BuilderConfig",
       "properties": {
@@ -1468,128 +1366,1096 @@
       },
       "type": "object"
     },
-    "Command": {
-      "description": "Command describes a step performed as part of the build pipeline.",
-      "id": "Command",
+    "Command": {
+      "description": "Command describes a step performed as part of the build pipeline.",
+      "id": "Command",
+      "properties": {
+        "args": {
+          "description": "Command-line arguments used when executing this command.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "dir": {
+          "description": "Working directory (relative to project source root) used when running this command.",
+          "type": "string"
+        },
+        "env": {
+          "description": "Environment variables set before running this command.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "Optional unique identifier for this command, used in wait_for to reference this command as a dependency.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.",
+          "type": "string"
+        },
+        "waitFor": {
+          "description": "The ID(s) of the command(s) that this command depends on.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Completeness": {
+      "description": "Indicates that the builder claims certain fields in this message to be complete.",
+      "id": "Completeness",
+      "properties": {
+        "arguments": {
+          "description": "If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.",
+          "type": "boolean"
+        },
+        "environment": {
+          "description": "If true, the builder claims that recipe.environment is claimed to be complete.",
+          "type": "boolean"
+        },
+        "materials": {
+          "description": "If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\".",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "ComplianceNote": {
+      "id": "ComplianceNote",
+      "properties": {
+        "cisBenchmark": {
+          "$ref": "CisBenchmark"
+        },
+        "description": {
+          "description": "A description about this compliance check.",
+          "type": "string"
+        },
+        "rationale": {
+          "description": "A rationale for the existence of this compliance check.",
+          "type": "string"
+        },
+        "remediation": {
+          "description": "A description of remediation steps if the compliance check fails.",
+          "type": "string"
+        },
+        "scanInstructions": {
+          "description": "Serialized scan instructions with a predefined format.",
+          "format": "byte",
+          "type": "string"
+        },
+        "title": {
+          "description": "The title that identifies this compliance check.",
+          "type": "string"
+        },
+        "version": {
+          "description": "The OS and config versions the benchmark applies to.",
+          "items": {
+            "$ref": "ComplianceVersion"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ComplianceOccurrence": {
+      "description": "An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.",
+      "id": "ComplianceOccurrence",
+      "properties": {
+        "nonComplianceReason": {
+          "type": "string"
+        },
+        "nonCompliantFiles": {
+          "items": {
+            "$ref": "NonCompliantFile"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ComplianceVersion": {
+      "description": "Describes the CIS benchmark version that is applicable to a given OS and os version.",
+      "id": "ComplianceVersion",
+      "properties": {
+        "cpeUri": {
+          "description": "The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.",
+          "type": "string"
+        },
+        "version": {
+          "description": "The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig": {
+      "description": "ApprovalConfig describes configuration for manual approval of a build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig",
+      "properties": {
+        "approvalRequired": {
+          "description": "Whether or not approval is needed. If this is set on a build, it will become pending when created, and will need to be explicitly approved to start.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult": {
+      "description": "ApprovalResult describes the decision and associated metadata of a manual approval of a build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult",
+      "properties": {
+        "approvalTime": {
+          "description": "Output only. The time when the approval decision was made.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "approverAccount": {
+          "description": "Output only. Email of the user that called the ApproveBuild API to approve or reject a build at the time that the API was called.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "comment": {
+          "description": "Optional. An optional comment for this manual approval result.",
+          "type": "string"
+        },
+        "decision": {
+          "description": "Required. The decision of this manual approval.",
+          "enum": [
+            "DECISION_UNSPECIFIED",
+            "APPROVED",
+            "REJECTED"
+          ],
+          "enumDescriptions": [
+            "Default enum type. This should not be used.",
+            "Build is approved.",
+            "Build is rejected."
+          ],
+          "type": "string"
+        },
+        "url": {
+          "description": "Optional. An optional URL tied to this manual approval result. This field is essentially the same as comment, except that it will be rendered by the UI differently. An example use case is a link to an external job that approved this Build.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts": {
+      "description": "Artifacts produced by a build that should be uploaded upon successful completion of all build steps.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts",
+      "properties": {
+        "images": {
+          "description": "A list of images to be pushed upon the successful completion of all build steps. The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "objects": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects",
+          "description": "A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. Files in the workspace matching specified paths globs will be uploaded to the specified Cloud Storage location using the builder service account's credentials. The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE."
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects": {
+      "description": "Files in the workspace to upload to Cloud Storage upon successful completion of all build steps.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects",
+      "properties": {
+        "location": {
+          "description": "Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\". (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix.",
+          "type": "string"
+        },
+        "paths": {
+          "description": "Path globs used to match files in the build's workspace.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "timing": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pushing all artifact objects.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Build": {
+      "description": "A build resource in the Cloud Build API. At a high level, a `Build` describes where to find source code, how to build it (for example, the builder image to run on the source), and where to store the built artifacts. Fields can include the following variables, which will be expanded when the build is created: - $PROJECT_ID: the project ID of the build. - $PROJECT_NUMBER: the project number of the build. - $LOCATION: the location/region of the build. - $BUILD_ID: the autogenerated ID of the build. - $REPO_NAME: the source repository name specified by RepoSource. - $BRANCH_NAME: the branch name specified by RepoSource. - $TAG_NAME: the tag name specified by RepoSource. - $REVISION_ID or $COMMIT_SHA: the commit SHA specified by RepoSource or resolved from the specified branch or tag. - $SHORT_SHA: first 7 characters of $REVISION_ID or $COMMIT_SHA.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Build",
+      "properties": {
+        "approval": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval",
+          "description": "Output only. Describes this build's approval configuration, status, and result.",
+          "readOnly": true
+        },
+        "artifacts": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts",
+          "description": "Artifacts produced by the build that should be uploaded upon successful completion of all build steps."
+        },
+        "availableSecrets": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets",
+          "description": "Secrets and secret environment variables."
+        },
+        "buildTriggerId": {
+          "description": "Output only. The ID of the `BuildTrigger` that triggered this build, if it was triggered automatically.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time at which the request to create the build was received.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "failureInfo": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo",
+          "description": "Output only. Contains information about the build when status=FAILURE.",
+          "readOnly": true
+        },
+        "finishTime": {
+          "description": "Output only. Time at which execution of the build was finished. The difference between finish_time and start_time is the duration of the build's execution.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "id": {
+          "description": "Output only. Unique identifier of the build.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "images": {
+          "description": "A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the `Build` resource's results field. If any of the images fail to be pushed, the build status is marked `FAILURE`.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logUrl": {
+          "description": "Output only. URL to logs for this build in Google Cloud Console.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "logsBucket": {
+          "description": "Google Cloud Storage bucket where logs should be written (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Logs file names will be of the format `${logs_bucket}/log-${build_id}.txt`.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. The 'Build' name with format: `projects/{project}/locations/{location}/builds/{build}`, where {build} is a unique identifier generated by the service.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "options": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions",
+          "description": "Special options for this build."
+        },
+        "projectId": {
+          "description": "Output only. ID of the project.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "queueTtl": {
+          "description": "TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be `EXPIRED`. The TTL starts ticking from create_time.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "results": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Results",
+          "description": "Output only. Results of the build.",
+          "readOnly": true
+        },
+        "secrets": {
+          "description": "Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is the recommended technique for managing sensitive data with Cloud Build. Use `available_secrets` to configure builds to access secrets from Secret Manager. For instructions, see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret"
+          },
+          "type": "array"
+        },
+        "serviceAccount": {
+          "description": "IAM service account whose credentials will be used at build runtime. Must be of the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. ACCOUNT can be email address or uniqueId of the service account. ",
+          "type": "string"
+        },
+        "source": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Source",
+          "description": "The location of the source files to build."
+        },
+        "sourceProvenance": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance",
+          "description": "Output only. A permanent fixed identifier for source.",
+          "readOnly": true
+        },
+        "startTime": {
+          "description": "Output only. Time at which execution of the build was started.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "status": {
+          "description": "Output only. Status of the build.",
+          "enum": [
+            "STATUS_UNKNOWN",
+            "PENDING",
+            "QUEUED",
+            "WORKING",
+            "SUCCESS",
+            "FAILURE",
+            "INTERNAL_ERROR",
+            "TIMEOUT",
+            "CANCELLED",
+            "EXPIRED"
+          ],
+          "enumDescriptions": [
+            "Status of the build is unknown.",
+            "Build has been created and is pending execution and queuing. It has not been queued.",
+            "Build or step is queued; work has not yet begun.",
+            "Build or step is being executed.",
+            "Build or step finished successfully.",
+            "Build or step failed to complete successfully.",
+            "Build or step failed due to an internal cause.",
+            "Build or step took longer than was allowed.",
+            "Build or step was canceled by a user.",
+            "Build was enqueued for longer than the value of `queue_ttl`."
+          ],
+          "readOnly": true,
+          "type": "string"
+        },
+        "statusDetail": {
+          "description": "Output only. Customer-readable message about the current status.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "steps": {
+          "description": "Required. The operations to be performed on the workspace.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep"
+          },
+          "type": "array"
+        },
+        "substitutions": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Substitutions data for `Build` resource.",
+          "type": "object"
+        },
+        "tags": {
+          "description": "Tags for annotation of a `Build`. These are not docker tags.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "timeout": {
+          "description": "Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be `TIMEOUT`. `timeout` starts ticking from `startTime`. Default time is ten minutes.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "timing": {
+          "additionalProperties": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan"
+          },
+          "description": "Output only. Stores timing information for phases of the build. Valid keys are: * BUILD: time to execute all build steps. * PUSH: time to push all specified images. * FETCHSOURCE: time to fetch source. * SETUPBUILD: time to set up build. If the build does not specify source or images, these keys will not be included.",
+          "readOnly": true,
+          "type": "object"
+        },
+        "warnings": {
+          "description": "Output only. Non-fatal problems encountered during the execution of the build.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning"
+          },
+          "readOnly": true,
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval": {
+      "description": "BuildApproval describes a build's approval configuration, state, and result.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval",
+      "properties": {
+        "config": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig",
+          "description": "Output only. Configuration for manual approval of this build.",
+          "readOnly": true
+        },
+        "result": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult",
+          "description": "Output only. Result of manual approval for this Build.",
+          "readOnly": true
+        },
+        "state": {
+          "description": "Output only. The state of this build's approval.",
+          "enum": [
+            "STATE_UNSPECIFIED",
+            "PENDING",
+            "APPROVED",
+            "REJECTED",
+            "CANCELLED"
+          ],
+          "enumDescriptions": [
+            "Default enum type. This should not be used.",
+            "Build approval is pending.",
+            "Build approval has been approved.",
+            "Build approval has been rejected.",
+            "Build was cancelled while it was still pending approval."
+          ],
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo": {
+      "description": "A fatal problem encountered during the execution of the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo",
+      "properties": {
+        "detail": {
+          "description": "Explains the failure issue in more detail using hard-coded text.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The name of the failure.",
+          "enum": [
+            "FAILURE_TYPE_UNSPECIFIED",
+            "PUSH_FAILED",
+            "PUSH_IMAGE_NOT_FOUND",
+            "PUSH_NOT_AUTHORIZED",
+            "LOGGING_FAILURE",
+            "USER_BUILD_STEP",
+            "FETCH_SOURCE_FAILED"
+          ],
+          "enumDescriptions": [
+            "Type unspecified",
+            "Unable to push the image to the repository.",
+            "Final image not found.",
+            "Unauthorized push of the final image.",
+            "Backend logging failures. Should retry.",
+            "A build step has failed.",
+            "The source fetching has failed."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions": {
+      "description": "Optional arguments to enable specific features of builds.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions",
+      "properties": {
+        "diskSizeGb": {
+          "description": "Requested disk size for the VM that runs the build. Note that this is *NOT* \"disk free\"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 1000GB; builds that request more than the maximum are rejected with an error.",
+          "format": "int64",
+          "type": "string"
+        },
+        "dynamicSubstitutions": {
+          "description": "Option to specify whether or not to apply bash style string operations to the substitutions. NOTE: this is always enabled for triggered builds and cannot be overridden in the build configuration file.",
+          "type": "boolean"
+        },
+        "env": {
+          "description": "A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined in both globally and in a build step, the variable will use the build step value. The elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logStreamingOption": {
+          "description": "Option to define build log streaming behavior to Google Cloud Storage.",
+          "enum": [
+            "STREAM_DEFAULT",
+            "STREAM_ON",
+            "STREAM_OFF"
+          ],
+          "enumDescriptions": [
+            "Service may automatically determine build log streaming behavior.",
+            "Build logs should be streamed to Google Cloud Storage.",
+            "Build logs should not be streamed to Google Cloud Storage; they will be written when the build is completed."
+          ],
+          "type": "string"
+        },
+        "logging": {
+          "description": "Option to specify the logging mode, which determines if and where build logs are stored.",
+          "enum": [
+            "LOGGING_UNSPECIFIED",
+            "LEGACY",
+            "GCS_ONLY",
+            "STACKDRIVER_ONLY",
+            "CLOUD_LOGGING_ONLY",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "The service determines the logging mode. The default is `LEGACY`. Do not rely on the default logging behavior as it may change in the future.",
+            "Build logs are stored in Cloud Logging and Cloud Storage.",
+            "Build logs are stored in Cloud Storage.",
+            "This option is the same as CLOUD_LOGGING_ONLY.",
+            "Build logs are stored in Cloud Logging. Selecting this option will not allow [logs streaming](https://cloud.google.com/sdk/gcloud/reference/builds/log).",
+            "Turn off all logging. No build logs will be captured."
+          ],
+          "type": "string"
+        },
+        "machineType": {
+          "description": "Compute Engine machine type on which to run the build.",
+          "enum": [
+            "UNSPECIFIED",
+            "N1_HIGHCPU_8",
+            "N1_HIGHCPU_32",
+            "E2_HIGHCPU_8",
+            "E2_HIGHCPU_32"
+          ],
+          "enumDescriptions": [
+            "Standard machine type.",
+            "Highcpu machine with 8 CPUs.",
+            "Highcpu machine with 32 CPUs.",
+            "Highcpu e2 machine with 8 CPUs.",
+            "Highcpu e2 machine with 32 CPUs."
+          ],
+          "type": "string"
+        },
+        "pool": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption",
+          "description": "Optional. Specification for execution on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information."
+        },
+        "requestedVerifyOption": {
+          "description": "Requested verifiability options.",
+          "enum": [
+            "NOT_VERIFIED",
+            "VERIFIED"
+          ],
+          "enumDescriptions": [
+            "Not a verifiable build. (default)",
+            "Verified build."
+          ],
+          "type": "string"
+        },
+        "secretEnv": {
+          "description": "A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`. These variables will be available to all build steps in this build.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceProvenanceHash": {
+          "description": "Requested hash for SourceProvenance.",
+          "items": {
+            "enum": [
+              "NONE",
+              "SHA256",
+              "MD5"
+            ],
+            "enumDescriptions": [
+              "No hash requested.",
+              "Use a sha256 hash.",
+              "Use a md5 hash."
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "substitutionOption": {
+          "description": "Option to specify behavior when there is an error in the substitution checks. NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file.",
+          "enum": [
+            "MUST_MATCH",
+            "ALLOW_LOOSE"
+          ],
+          "enumDescriptions": [
+            "Fails the build if error in substitutions checks, like missing a substitution in the template or in the map.",
+            "Do not fail the build if error in substitutions checks."
+          ],
+          "type": "string"
+        },
+        "volumes": {
+          "description": "Global list of volumes to mount for ALL build steps Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined a build step. Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume"
+          },
+          "type": "array"
+        },
+        "workerPool": {
+          "description": "This field deprecated; please use `pool.name` instead.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption": {
+      "description": "Details about how a build should be executed on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption",
+      "properties": {
+        "name": {
+          "description": "The `WorkerPool` resource to execute the build on. You must have `cloudbuild.workerpools.use` on the project hosting the WorkerPool. Format projects/{project}/locations/{location}/workerPools/{workerPoolId}",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep": {
+      "description": "A step in the build pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep",
+      "properties": {
+        "args": {
+          "description": "A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the `args` are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "dir": {
+          "description": "Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a `volume` for that path is specified. If the build specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies an absolute path, the `RepoSource` `dir` is ignored for the step's execution.",
+          "type": "string"
+        },
+        "entrypoint": {
+          "description": "Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used.",
+          "type": "string"
+        },
+        "env": {
+          "description": "A list of environment variable definitions to be used when running a step. The elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "Unique identifier for this build step, used in `wait_for` to reference this build step as a dependency.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://github.com/GoogleCloudPlatform/cloud-builders)). The Docker daemon will also have cached many of the layers for some popular images, like \"ubuntu\", \"debian\", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step.",
+          "type": "string"
+        },
+        "pullTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pulling this build step's builder image only.",
+          "readOnly": true
+        },
+        "script": {
+          "description": "A shell script to be executed in the step. When script is provided, the user cannot specify the entrypoint or args.",
+          "type": "string"
+        },
+        "secretEnv": {
+          "description": "A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "status": {
+          "description": "Output only. Status of the build step. At this time, build step status is only updated on build completion; step status is not updated in real-time as the build progresses.",
+          "enum": [
+            "STATUS_UNKNOWN",
+            "PENDING",
+            "QUEUED",
+            "WORKING",
+            "SUCCESS",
+            "FAILURE",
+            "INTERNAL_ERROR",
+            "TIMEOUT",
+            "CANCELLED",
+            "EXPIRED"
+          ],
+          "enumDescriptions": [
+            "Status of the build is unknown.",
+            "Build has been created and is pending execution and queuing. It has not been queued.",
+            "Build or step is queued; work has not yet begun.",
+            "Build or step is being executed.",
+            "Build or step finished successfully.",
+            "Build or step failed to complete successfully.",
+            "Build or step failed due to an internal cause.",
+            "Build or step took longer than was allowed.",
+            "Build or step was canceled by a user.",
+            "Build was enqueued for longer than the value of `queue_ttl`."
+          ],
+          "readOnly": true,
+          "type": "string"
+        },
+        "timeout": {
+          "description": "Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "timing": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for executing this build step.",
+          "readOnly": true
+        },
+        "volumes": {
+          "description": "List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume"
+          },
+          "type": "array"
+        },
+        "waitFor": {
+          "description": "The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in `wait_for` have completed successfully. If `wait_for` is empty, this build step will start when all previous build steps in the `Build.Steps` list have completed successfully.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning": {
+      "description": "A non-fatal problem encountered during the execution of the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning",
+      "properties": {
+        "priority": {
+          "description": "The priority for this warning.",
+          "enum": [
+            "PRIORITY_UNSPECIFIED",
+            "INFO",
+            "WARNING",
+            "ALERT"
+          ],
+          "enumDescriptions": [
+            "Should not be used.",
+            "e.g. deprecation warnings and alternative feature highlights.",
+            "e.g. automated detection of possible issues with the build.",
+            "e.g. alerts that a feature used in the build is pending removal"
+          ],
+          "type": "string"
+        },
+        "text": {
+          "description": "Explanation of the warning generated.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage": {
+      "description": "An image built by the pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage",
+      "properties": {
+        "digest": {
+          "description": "Docker Registry 2.0 digest.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name used to push the container image to Google Container Registry, as presented to `docker push`.",
+          "type": "string"
+        },
+        "pushTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pushing the specified image.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes": {
+      "description": "Container message for hashes of byte content of files, used in SourceProvenance messages to verify integrity of source input to the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes",
+      "properties": {
+        "fileHash": {
+          "description": "Collection of file hashes.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash": {
+      "description": "Container message for hash values.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash",
+      "properties": {
+        "type": {
+          "description": "The type of hash that was performed.",
+          "enum": [
+            "NONE",
+            "SHA256",
+            "MD5"
+          ],
+          "enumDescriptions": [
+            "No hash requested.",
+            "Use a sha256 hash.",
+            "Use a md5 hash."
+          ],
+          "type": "string"
+        },
+        "value": {
+          "description": "The hash value.",
+          "format": "byte",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret": {
+      "description": "Pairs a set of secret environment variables mapped to encrypted values with the Cloud KMS key to use to decrypt the value.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret",
+      "properties": {
+        "envMap": {
+          "additionalProperties": {
+            "format": "byte",
+            "type": "string"
+          },
+          "description": "Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.",
+          "type": "object"
+        },
+        "kmsKeyName": {
+          "description": "Resource name of Cloud KMS crypto key to decrypt the encrypted value. In format: projects/*/locations/*/keyRings/*/cryptoKeys/*",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource": {
+      "description": "Location of the source in a Google Cloud Source Repository.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+      "properties": {
+        "branchName": {
+          "description": "Regex matching branches to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax",
+          "type": "string"
+        },
+        "commitSha": {
+          "description": "Explicit commit SHA to build.",
+          "type": "string"
+        },
+        "dir": {
+          "description": "Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's `dir` is specified and is an absolute path, this value is ignored for that step's execution.",
+          "type": "string"
+        },
+        "invertRegex": {
+          "description": "Only trigger a build if the revision regex does NOT match the revision regex.",
+          "type": "boolean"
+        },
+        "projectId": {
+          "description": "ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.",
+          "type": "string"
+        },
+        "repoName": {
+          "description": "Name of the Cloud Source Repository.",
+          "type": "string"
+        },
+        "substitutions": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Substitutions to use in a triggered build. Should only be used with RunBuildTrigger",
+          "type": "object"
+        },
+        "tagName": {
+          "description": "Regex matching tags to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Results": {
+      "description": "Artifacts created by the build pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Results",
+      "properties": {
+        "artifactManifest": {
+          "description": "Path to the artifact manifest. Only populated when artifacts are uploaded.",
+          "type": "string"
+        },
+        "artifactTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Time to push all non-container artifacts."
+        },
+        "buildStepImages": {
+          "description": "List of build step digests, in the order corresponding to build step indices.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "buildStepOutputs": {
+          "description": "List of build step outputs, produced by builder images, in the order corresponding to build step indices. [Cloud Builders](https://cloud.google.com/cloud-build/docs/cloud-builders) can produce this output by writing to `$BUILDER_OUTPUT/output`. Only the first 4KB of data is stored.",
+          "items": {
+            "format": "byte",
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "images": {
+          "description": "Container images that were built as a part of the build.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage"
+          },
+          "type": "array"
+        },
+        "numArtifacts": {
+          "description": "Number of artifacts uploaded. Only populated when artifacts are uploaded.",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret": {
+      "description": "Pairs a set of secret environment variables containing encrypted values with the Cloud KMS key to use to decrypt the value. Note: Use `kmsKeyName` with `available_secrets` instead of using `kmsKeyName` with `secret`. For instructions see: https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-credentials.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret",
+      "properties": {
+        "kmsKeyName": {
+          "description": "Cloud KMS key name to use to decrypt these envs.",
+          "type": "string"
+        },
+        "secretEnv": {
+          "additionalProperties": {
+            "format": "byte",
+            "type": "string"
+          },
+          "description": "Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret": {
+      "description": "Pairs a secret environment variable with a SecretVersion in Secret Manager.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret",
+      "properties": {
+        "env": {
+          "description": "Environment variable name to associate with the secret. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step.",
+          "type": "string"
+        },
+        "versionName": {
+          "description": "Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets": {
+      "description": "Secrets and secret environment variables.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets",
       "properties": {
-        "args": {
-          "description": "Command-line arguments used when executing this command.",
+        "inline": {
+          "description": "Secrets encrypted with KMS key and the associated secret environment variable.",
           "items": {
-            "type": "string"
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret"
           },
           "type": "array"
         },
-        "dir": {
-          "description": "Working directory (relative to project source root) used when running this command.",
-          "type": "string"
-        },
-        "env": {
-          "description": "Environment variables set before running this command.",
+        "secretManager": {
+          "description": "Secrets in Secret Manager and associated secret environment variable.",
           "items": {
-            "type": "string"
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret"
           },
           "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Source": {
+      "description": "Location of the source in a supported storage service.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Source",
+      "properties": {
+        "repoSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+          "description": "If provided, get the source from this location in a Cloud Source Repository."
         },
-        "id": {
-          "description": "Optional unique identifier for this command, used in wait_for to reference this command as a dependency.",
-          "type": "string"
-        },
-        "name": {
-          "description": "Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.",
-          "type": "string"
+        "storageSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+          "description": "If provided, get the source from this location in Google Cloud Storage."
         },
-        "waitFor": {
-          "description": "The ID(s) of the command(s) that this command depends on.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "storageSourceManifest": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+          "description": "If provided, get the source from this manifest in Google Cloud Storage. This feature is in Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher)."
         }
       },
       "type": "object"
     },
-    "Completeness": {
-      "description": "Indicates that the builder claims certain fields in this message to be complete.",
-      "id": "Completeness",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance": {
+      "description": "Provenance of the source. Ways to find the original source, or verify that some source was used for this build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance",
       "properties": {
-        "arguments": {
-          "description": "If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.",
-          "type": "boolean"
+        "fileHashes": {
+          "additionalProperties": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes"
+          },
+          "description": "Output only. Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. Note that `FileHashes` will only be populated if `BuildOptions` has requested a `SourceProvenanceHash`. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (`.tar.gz`), the `FileHash` will be for the single path to that file.",
+          "readOnly": true,
+          "type": "object"
         },
-        "environment": {
-          "description": "If true, the builder claims that recipe.environment is claimed to be complete.",
-          "type": "boolean"
+        "resolvedRepoSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+          "description": "A copy of the build's `source.repo_source`, if exists, with any revisions resolved."
         },
-        "materials": {
-          "description": "If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\".",
-          "type": "boolean"
+        "resolvedStorageSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+          "description": "A copy of the build's `source.storage_source`, if exists, with any generations resolved."
+        },
+        "resolvedStorageSourceManifest": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+          "description": "A copy of the build's `source.storage_source_manifest`, if exists, with any revisions resolved. This feature is in Preview."
         }
       },
       "type": "object"
     },
-    "ComplianceNote": {
-      "id": "ComplianceNote",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource": {
+      "description": "Location of the source in an archive file in Google Cloud Storage.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
       "properties": {
-        "cisBenchmark": {
-          "$ref": "CisBenchmark"
-        },
-        "description": {
-          "description": "A description about this compliance check.",
+        "bucket": {
+          "description": "Google Cloud Storage bucket containing the source (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).",
           "type": "string"
         },
-        "rationale": {
-          "description": "A rationale for the existence of this compliance check.",
+        "generation": {
+          "description": "Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.",
+          "format": "int64",
           "type": "string"
         },
-        "remediation": {
-          "description": "A description of remediation steps if the compliance check fails.",
+        "object": {
+          "description": "Google Cloud Storage object containing the source. This object must be a zipped (`.zip`) or gzipped archive file (`.tar.gz`) containing source to build.",
           "type": "string"
-        },
-        "scanInstructions": {
-          "description": "Serialized scan instructions with a predefined format.",
-          "format": "byte",
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest": {
+      "description": "Location of the source manifest in Google Cloud Storage. This feature is in Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher).",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+      "properties": {
+        "bucket": {
+          "description": "Google Cloud Storage bucket containing the source manifest (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).",
           "type": "string"
         },
-        "title": {
-          "description": "The title that identifies this compliance check.",
+        "generation": {
+          "description": "Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.",
+          "format": "int64",
           "type": "string"
         },
-        "version": {
-          "description": "The OS and config versions the benchmark applies to.",
-          "items": {
-            "$ref": "ComplianceVersion"
-          },
-          "type": "array"
+        "object": {
+          "description": "Google Cloud Storage object containing the source manifest. This object must be a JSON file.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ComplianceOccurrence": {
-      "description": "An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.",
-      "id": "ComplianceOccurrence",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan": {
+      "description": "Start and end times for a build execution phase.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
       "properties": {
-        "nonComplianceReason": {
+        "endTime": {
+          "description": "End of time span.",
+          "format": "google-datetime",
           "type": "string"
         },
-        "nonCompliantFiles": {
-          "items": {
-            "$ref": "NonCompliantFile"
-          },
-          "type": "array"
+        "startTime": {
+          "description": "Start of time span.",
+          "format": "google-datetime",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ComplianceVersion": {
-      "description": "Describes the CIS benchmark version that is applicable to a given OS and os version.",
-      "id": "ComplianceVersion",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume": {
+      "description": "Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume",
       "properties": {
-        "cpeUri": {
-          "description": "The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.",
+        "name": {
+          "description": "Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.",
           "type": "string"
         },
-        "version": {
-          "description": "The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.",
+        "path": {
+          "description": "Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.",
           "type": "string"
         }
       },
@@ -1606,6 +2472,7 @@
       "type": "object"
     },
     "DSSEAttestationOccurrence": {
+      "description": "Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence.",
       "id": "DSSEAttestationOccurrence",
       "properties": {
         "envelope": {
@@ -2069,7 +2936,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -2221,22 +3088,25 @@
       "description": "Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always \"application/vnd.in-toto+json\".",
       "id": "InTotoStatement",
       "properties": {
+        "_type": {
+          "description": "Always \"https://in-toto.io/Statement/v0.1\".",
+          "type": "string"
+        },
         "predicateType": {
-          "description": "\"https://in-toto.io/Provenance/v0.1\" for InTotoProvenance.",
+          "description": "\"https://slsa.dev/provenance/v0.1\" for SlsaProvenance.",
           "type": "string"
         },
         "provenance": {
           "$ref": "InTotoProvenance"
         },
+        "slsaProvenance": {
+          "$ref": "SlsaProvenance"
+        },
         "subject": {
           "items": {
             "$ref": "Subject"
           },
           "type": "array"
-        },
-        "type": {
-          "description": "Always \"https://in-toto.io/Statement/v0.1\".",
-          "type": "string"
         }
       },
       "type": "object"
@@ -2371,6 +3241,21 @@
       },
       "type": "object"
     },
+    "Material": {
+      "id": "Material",
+      "properties": {
+        "digest": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": "object"
+        },
+        "uri": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Metadata": {
       "description": "Other properties of the build.",
       "id": "Metadata",
@@ -2913,6 +3798,123 @@
       },
       "type": "object"
     },
+    "SlsaBuilder": {
+      "id": "SlsaBuilder",
+      "properties": {
+        "id": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaCompleteness": {
+      "description": "Indicates that the builder claims certain fields in this message to be complete.",
+      "id": "SlsaCompleteness",
+      "properties": {
+        "arguments": {
+          "description": "If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.",
+          "type": "boolean"
+        },
+        "environment": {
+          "description": "If true, the builder claims that recipe.environment is claimed to be complete.",
+          "type": "boolean"
+        },
+        "materials": {
+          "description": "If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\".",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaMetadata": {
+      "description": "Other properties of the build.",
+      "id": "SlsaMetadata",
+      "properties": {
+        "buildFinishedOn": {
+          "description": "The timestamp of when the build completed.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "buildInvocationId": {
+          "description": "Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.",
+          "type": "string"
+        },
+        "buildStartedOn": {
+          "description": "The timestamp of when the build started.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "completeness": {
+          "$ref": "SlsaCompleteness",
+          "description": "Indicates that the builder claims certain fields in this message to be complete."
+        },
+        "reproducible": {
+          "description": "If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaProvenance": {
+      "id": "SlsaProvenance",
+      "properties": {
+        "builder": {
+          "$ref": "SlsaBuilder",
+          "description": "required"
+        },
+        "materials": {
+          "description": "The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.",
+          "items": {
+            "$ref": "Material"
+          },
+          "type": "array"
+        },
+        "metadata": {
+          "$ref": "SlsaMetadata"
+        },
+        "recipe": {
+          "$ref": "SlsaRecipe",
+          "description": "Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaRecipe": {
+      "description": "Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.",
+      "id": "SlsaRecipe",
+      "properties": {
+        "arguments": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were \"make\", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.",
+          "type": "object"
+        },
+        "definedInMaterial": {
+          "description": "Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.",
+          "format": "int64",
+          "type": "string"
+        },
+        "entryPoint": {
+          "description": "String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use.",
+          "type": "string"
+        },
+        "environment": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.",
+          "type": "object"
+        },
+        "type": {
+          "description": "URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Source": {
       "description": "Source describes the location of the source used for the build.",
       "id": "Source",
@@ -3002,7 +4004,7 @@
           "additionalProperties": {
             "type": "string"
           },
-          "description": "\"\": \"\"",
+          "description": "\"\": \"\" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet",
           "type": "object"
         },
         "name": {
@@ -3039,23 +4041,6 @@
       },
       "type": "object"
     },
-    "TimeSpan": {
-      "description": "Start and end times for a build execution phase.",
-      "id": "TimeSpan",
-      "properties": {
-        "endTime": {
-          "description": "End of time span.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "startTime": {
-          "description": "Start of time span.",
-          "format": "google-datetime",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "UpgradeDistribution": {
       "description": "The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.",
       "id": "UpgradeDistribution",
@@ -3175,21 +4160,6 @@
       },
       "type": "object"
     },
-    "Volume": {
-      "description": "Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.",
-      "id": "Volume",
-      "properties": {
-        "name": {
-          "description": "Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.",
-          "type": "string"
-        },
-        "path": {
-          "description": "Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "VulnerabilityNote": {
       "description": "A security vulnerability that can be found in resources.",
       "id": "VulnerabilityNote",
diff --git a/googleapiclient/discovery_cache/documents/containeranalysis.v1alpha1.json b/googleapiclient/discovery_cache/documents/containeranalysis.v1alpha1.json
index d56ba18f285..c3809456d7a 100644
--- a/googleapiclient/discovery_cache/documents/containeranalysis.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/containeranalysis.v1alpha1.json
@@ -1229,7 +1229,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211105",
   "rootUrl": "https://containeranalysis.googleapis.com/",
   "schemas": {
     "Artifact": {
@@ -1449,9 +1449,695 @@
       },
       "type": "object"
     },
-    "BuildStep": {
+    "BuildType": {
+      "description": "Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.",
+      "id": "BuildType",
+      "properties": {
+        "builderVersion": {
+          "description": "Version of the builder which produced this Note.",
+          "type": "string"
+        },
+        "signature": {
+          "$ref": "BuildSignature",
+          "description": "Signature of the build in Occurrences pointing to the Note containing this `BuilderDetails`."
+        }
+      },
+      "type": "object"
+    },
+    "BuilderConfig": {
+      "id": "BuilderConfig",
+      "properties": {
+        "id": {
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CisBenchmark": {
+      "description": "A compliance check that is a CIS benchmark.",
+      "id": "CisBenchmark",
+      "properties": {
+        "profileLevel": {
+          "description": "The profile level of this CIS benchmark check.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "severity": {
+          "description": "The severity level of this CIS benchmark check.",
+          "enum": [
+            "SEVERITY_UNSPECIFIED",
+            "MINIMAL",
+            "LOW",
+            "MEDIUM",
+            "HIGH",
+            "CRITICAL"
+          ],
+          "enumDescriptions": [
+            "Unknown Impact",
+            "Minimal Impact",
+            "Low Impact",
+            "Medium Impact",
+            "High Impact",
+            "Critical Impact"
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Command": {
+      "description": "Command describes a step performed as part of the build pipeline.",
+      "id": "Command",
+      "properties": {
+        "args": {
+          "description": "Command-line arguments used when executing this Command.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "dir": {
+          "description": "Working directory (relative to project source root) used when running this Command.",
+          "type": "string"
+        },
+        "env": {
+          "description": "Environment variables set before running this Command.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "Optional unique identifier for this Command, used in wait_for to reference this Command as a dependency.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.",
+          "type": "string"
+        },
+        "waitFor": {
+          "description": "The ID(s) of the Command(s) that this Command depends on.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Completeness": {
+      "description": "Indicates that the builder claims certain fields in this message to be complete.",
+      "id": "Completeness",
+      "properties": {
+        "arguments": {
+          "description": "If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.",
+          "type": "boolean"
+        },
+        "environment": {
+          "description": "If true, the builder claims that recipe.environment is claimed to be complete.",
+          "type": "boolean"
+        },
+        "materials": {
+          "description": "If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\".",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "ComplianceNote": {
+      "description": "ComplianceNote encapsulates all information about a specific compliance check.",
+      "id": "ComplianceNote",
+      "properties": {
+        "cisBenchmark": {
+          "$ref": "CisBenchmark",
+          "description": "Right now we only have one compliance type, but we may add additional types in the future."
+        },
+        "description": {
+          "description": "A description about this compliance check.",
+          "type": "string"
+        },
+        "rationale": {
+          "description": "A rationale for the existence of this compliance check.",
+          "type": "string"
+        },
+        "remediation": {
+          "description": "A description of remediation steps if the compliance check fails.",
+          "type": "string"
+        },
+        "scanInstructions": {
+          "description": "Serialized scan instructions with a predefined format.",
+          "format": "byte",
+          "type": "string"
+        },
+        "title": {
+          "description": "The title that identifies this compliance check.",
+          "type": "string"
+        },
+        "version": {
+          "description": "The OS and config versions the benchmark applies to.",
+          "items": {
+            "$ref": "ComplianceVersion"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ComplianceOccurrence": {
+      "description": "An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.",
+      "id": "ComplianceOccurrence",
+      "properties": {
+        "nonComplianceReason": {
+          "description": "The reason for non compliance of these files.",
+          "type": "string"
+        },
+        "nonCompliantFiles": {
+          "description": "A list of files which are violating compliance checks.",
+          "items": {
+            "$ref": "NonCompliantFile"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ComplianceVersion": {
+      "description": "Describes the CIS benchmark version that is applicable to a given OS and os version.",
+      "id": "ComplianceVersion",
+      "properties": {
+        "cpeUri": {
+          "description": "The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.",
+          "type": "string"
+        },
+        "version": {
+          "description": "The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig": {
+      "description": "ApprovalConfig describes configuration for manual approval of a build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig",
+      "properties": {
+        "approvalRequired": {
+          "description": "Whether or not approval is needed. If this is set on a build, it will become pending when created, and will need to be explicitly approved to start.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult": {
+      "description": "ApprovalResult describes the decision and associated metadata of a manual approval of a build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult",
+      "properties": {
+        "approvalTime": {
+          "description": "Output only. The time when the approval decision was made.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "approverAccount": {
+          "description": "Output only. Email of the user that called the ApproveBuild API to approve or reject a build at the time that the API was called.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "comment": {
+          "description": "Optional. An optional comment for this manual approval result.",
+          "type": "string"
+        },
+        "decision": {
+          "description": "Required. The decision of this manual approval.",
+          "enum": [
+            "DECISION_UNSPECIFIED",
+            "APPROVED",
+            "REJECTED"
+          ],
+          "enumDescriptions": [
+            "Default enum type. This should not be used.",
+            "Build is approved.",
+            "Build is rejected."
+          ],
+          "type": "string"
+        },
+        "url": {
+          "description": "Optional. An optional URL tied to this manual approval result. This field is essentially the same as comment, except that it will be rendered by the UI differently. An example use case is a link to an external job that approved this Build.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts": {
+      "description": "Artifacts produced by a build that should be uploaded upon successful completion of all build steps.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts",
+      "properties": {
+        "images": {
+          "description": "A list of images to be pushed upon the successful completion of all build steps. The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "objects": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects",
+          "description": "A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. Files in the workspace matching specified paths globs will be uploaded to the specified Cloud Storage location using the builder service account's credentials. The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE."
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects": {
+      "description": "Files in the workspace to upload to Cloud Storage upon successful completion of all build steps.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects",
+      "properties": {
+        "location": {
+          "description": "Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\". (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix.",
+          "type": "string"
+        },
+        "paths": {
+          "description": "Path globs used to match files in the build's workspace.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "timing": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pushing all artifact objects.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Build": {
+      "description": "A build resource in the Cloud Build API. At a high level, a `Build` describes where to find source code, how to build it (for example, the builder image to run on the source), and where to store the built artifacts. Fields can include the following variables, which will be expanded when the build is created: - $PROJECT_ID: the project ID of the build. - $PROJECT_NUMBER: the project number of the build. - $LOCATION: the location/region of the build. - $BUILD_ID: the autogenerated ID of the build. - $REPO_NAME: the source repository name specified by RepoSource. - $BRANCH_NAME: the branch name specified by RepoSource. - $TAG_NAME: the tag name specified by RepoSource. - $REVISION_ID or $COMMIT_SHA: the commit SHA specified by RepoSource or resolved from the specified branch or tag. - $SHORT_SHA: first 7 characters of $REVISION_ID or $COMMIT_SHA.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Build",
+      "properties": {
+        "approval": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval",
+          "description": "Output only. Describes this build's approval configuration, status, and result.",
+          "readOnly": true
+        },
+        "artifacts": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts",
+          "description": "Artifacts produced by the build that should be uploaded upon successful completion of all build steps."
+        },
+        "availableSecrets": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets",
+          "description": "Secrets and secret environment variables."
+        },
+        "buildTriggerId": {
+          "description": "Output only. The ID of the `BuildTrigger` that triggered this build, if it was triggered automatically.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time at which the request to create the build was received.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "failureInfo": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo",
+          "description": "Output only. Contains information about the build when status=FAILURE.",
+          "readOnly": true
+        },
+        "finishTime": {
+          "description": "Output only. Time at which execution of the build was finished. The difference between finish_time and start_time is the duration of the build's execution.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "id": {
+          "description": "Output only. Unique identifier of the build.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "images": {
+          "description": "A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the `Build` resource's results field. If any of the images fail to be pushed, the build status is marked `FAILURE`.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logUrl": {
+          "description": "Output only. URL to logs for this build in Google Cloud Console.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "logsBucket": {
+          "description": "Google Cloud Storage bucket where logs should be written (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Logs file names will be of the format `${logs_bucket}/log-${build_id}.txt`.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. The 'Build' name with format: `projects/{project}/locations/{location}/builds/{build}`, where {build} is a unique identifier generated by the service.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "options": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions",
+          "description": "Special options for this build."
+        },
+        "projectId": {
+          "description": "Output only. ID of the project.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "queueTtl": {
+          "description": "TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be `EXPIRED`. The TTL starts ticking from create_time.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "results": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Results",
+          "description": "Output only. Results of the build.",
+          "readOnly": true
+        },
+        "secrets": {
+          "description": "Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is the recommended technique for managing sensitive data with Cloud Build. Use `available_secrets` to configure builds to access secrets from Secret Manager. For instructions, see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret"
+          },
+          "type": "array"
+        },
+        "serviceAccount": {
+          "description": "IAM service account whose credentials will be used at build runtime. Must be of the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. ACCOUNT can be email address or uniqueId of the service account. ",
+          "type": "string"
+        },
+        "source": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Source",
+          "description": "The location of the source files to build."
+        },
+        "sourceProvenance": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance",
+          "description": "Output only. A permanent fixed identifier for source.",
+          "readOnly": true
+        },
+        "startTime": {
+          "description": "Output only. Time at which execution of the build was started.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "status": {
+          "description": "Output only. Status of the build.",
+          "enum": [
+            "STATUS_UNKNOWN",
+            "PENDING",
+            "QUEUED",
+            "WORKING",
+            "SUCCESS",
+            "FAILURE",
+            "INTERNAL_ERROR",
+            "TIMEOUT",
+            "CANCELLED",
+            "EXPIRED"
+          ],
+          "enumDescriptions": [
+            "Status of the build is unknown.",
+            "Build has been created and is pending execution and queuing. It has not been queued.",
+            "Build or step is queued; work has not yet begun.",
+            "Build or step is being executed.",
+            "Build or step finished successfully.",
+            "Build or step failed to complete successfully.",
+            "Build or step failed due to an internal cause.",
+            "Build or step took longer than was allowed.",
+            "Build or step was canceled by a user.",
+            "Build was enqueued for longer than the value of `queue_ttl`."
+          ],
+          "readOnly": true,
+          "type": "string"
+        },
+        "statusDetail": {
+          "description": "Output only. Customer-readable message about the current status.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "steps": {
+          "description": "Required. The operations to be performed on the workspace.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep"
+          },
+          "type": "array"
+        },
+        "substitutions": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Substitutions data for `Build` resource.",
+          "type": "object"
+        },
+        "tags": {
+          "description": "Tags for annotation of a `Build`. These are not docker tags.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "timeout": {
+          "description": "Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be `TIMEOUT`. `timeout` starts ticking from `startTime`. Default time is ten minutes.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "timing": {
+          "additionalProperties": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan"
+          },
+          "description": "Output only. Stores timing information for phases of the build. Valid keys are: * BUILD: time to execute all build steps. * PUSH: time to push all specified images. * FETCHSOURCE: time to fetch source. * SETUPBUILD: time to set up build. If the build does not specify source or images, these keys will not be included.",
+          "readOnly": true,
+          "type": "object"
+        },
+        "warnings": {
+          "description": "Output only. Non-fatal problems encountered during the execution of the build.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning"
+          },
+          "readOnly": true,
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval": {
+      "description": "BuildApproval describes a build's approval configuration, state, and result.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval",
+      "properties": {
+        "config": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig",
+          "description": "Output only. Configuration for manual approval of this build.",
+          "readOnly": true
+        },
+        "result": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult",
+          "description": "Output only. Result of manual approval for this Build.",
+          "readOnly": true
+        },
+        "state": {
+          "description": "Output only. The state of this build's approval.",
+          "enum": [
+            "STATE_UNSPECIFIED",
+            "PENDING",
+            "APPROVED",
+            "REJECTED",
+            "CANCELLED"
+          ],
+          "enumDescriptions": [
+            "Default enum type. This should not be used.",
+            "Build approval is pending.",
+            "Build approval has been approved.",
+            "Build approval has been rejected.",
+            "Build was cancelled while it was still pending approval."
+          ],
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo": {
+      "description": "A fatal problem encountered during the execution of the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo",
+      "properties": {
+        "detail": {
+          "description": "Explains the failure issue in more detail using hard-coded text.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The name of the failure.",
+          "enum": [
+            "FAILURE_TYPE_UNSPECIFIED",
+            "PUSH_FAILED",
+            "PUSH_IMAGE_NOT_FOUND",
+            "PUSH_NOT_AUTHORIZED",
+            "LOGGING_FAILURE",
+            "USER_BUILD_STEP",
+            "FETCH_SOURCE_FAILED"
+          ],
+          "enumDescriptions": [
+            "Type unspecified",
+            "Unable to push the image to the repository.",
+            "Final image not found.",
+            "Unauthorized push of the final image.",
+            "Backend logging failures. Should retry.",
+            "A build step has failed.",
+            "The source fetching has failed."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions": {
+      "description": "Optional arguments to enable specific features of builds.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions",
+      "properties": {
+        "diskSizeGb": {
+          "description": "Requested disk size for the VM that runs the build. Note that this is *NOT* \"disk free\"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 1000GB; builds that request more than the maximum are rejected with an error.",
+          "format": "int64",
+          "type": "string"
+        },
+        "dynamicSubstitutions": {
+          "description": "Option to specify whether or not to apply bash style string operations to the substitutions. NOTE: this is always enabled for triggered builds and cannot be overridden in the build configuration file.",
+          "type": "boolean"
+        },
+        "env": {
+          "description": "A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined in both globally and in a build step, the variable will use the build step value. The elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logStreamingOption": {
+          "description": "Option to define build log streaming behavior to Google Cloud Storage.",
+          "enum": [
+            "STREAM_DEFAULT",
+            "STREAM_ON",
+            "STREAM_OFF"
+          ],
+          "enumDescriptions": [
+            "Service may automatically determine build log streaming behavior.",
+            "Build logs should be streamed to Google Cloud Storage.",
+            "Build logs should not be streamed to Google Cloud Storage; they will be written when the build is completed."
+          ],
+          "type": "string"
+        },
+        "logging": {
+          "description": "Option to specify the logging mode, which determines if and where build logs are stored.",
+          "enum": [
+            "LOGGING_UNSPECIFIED",
+            "LEGACY",
+            "GCS_ONLY",
+            "STACKDRIVER_ONLY",
+            "CLOUD_LOGGING_ONLY",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "The service determines the logging mode. The default is `LEGACY`. Do not rely on the default logging behavior as it may change in the future.",
+            "Build logs are stored in Cloud Logging and Cloud Storage.",
+            "Build logs are stored in Cloud Storage.",
+            "This option is the same as CLOUD_LOGGING_ONLY.",
+            "Build logs are stored in Cloud Logging. Selecting this option will not allow [logs streaming](https://cloud.google.com/sdk/gcloud/reference/builds/log).",
+            "Turn off all logging. No build logs will be captured."
+          ],
+          "type": "string"
+        },
+        "machineType": {
+          "description": "Compute Engine machine type on which to run the build.",
+          "enum": [
+            "UNSPECIFIED",
+            "N1_HIGHCPU_8",
+            "N1_HIGHCPU_32",
+            "E2_HIGHCPU_8",
+            "E2_HIGHCPU_32"
+          ],
+          "enumDescriptions": [
+            "Standard machine type.",
+            "Highcpu machine with 8 CPUs.",
+            "Highcpu machine with 32 CPUs.",
+            "Highcpu e2 machine with 8 CPUs.",
+            "Highcpu e2 machine with 32 CPUs."
+          ],
+          "type": "string"
+        },
+        "pool": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption",
+          "description": "Optional. Specification for execution on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information."
+        },
+        "requestedVerifyOption": {
+          "description": "Requested verifiability options.",
+          "enum": [
+            "NOT_VERIFIED",
+            "VERIFIED"
+          ],
+          "enumDescriptions": [
+            "Not a verifiable build. (default)",
+            "Verified build."
+          ],
+          "type": "string"
+        },
+        "secretEnv": {
+          "description": "A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`. These variables will be available to all build steps in this build.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceProvenanceHash": {
+          "description": "Requested hash for SourceProvenance.",
+          "items": {
+            "enum": [
+              "NONE",
+              "SHA256",
+              "MD5"
+            ],
+            "enumDescriptions": [
+              "No hash requested.",
+              "Use a sha256 hash.",
+              "Use a md5 hash."
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "substitutionOption": {
+          "description": "Option to specify behavior when there is an error in the substitution checks. NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file.",
+          "enum": [
+            "MUST_MATCH",
+            "ALLOW_LOOSE"
+          ],
+          "enumDescriptions": [
+            "Fails the build if error in substitutions checks, like missing a substitution in the template or in the map.",
+            "Do not fail the build if error in substitutions checks."
+          ],
+          "type": "string"
+        },
+        "volumes": {
+          "description": "Global list of volumes to mount for ALL build steps Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined a build step. Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume"
+          },
+          "type": "array"
+        },
+        "workerPool": {
+          "description": "This field deprecated; please use `pool.name` instead.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption": {
+      "description": "Details about how a build should be executed on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption",
+      "properties": {
+        "name": {
+          "description": "The `WorkerPool` resource to execute the build on. You must have `cloudbuild.workerpools.use` on the project hosting the WorkerPool. Format projects/{project}/locations/{location}/workerPools/{workerPoolId}",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep": {
       "description": "A step in the build pipeline.",
-      "id": "BuildStep",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep",
       "properties": {
         "args": {
           "description": "A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the `args` are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments.",
@@ -1484,7 +2170,7 @@
           "type": "string"
         },
         "pullTiming": {
-          "$ref": "TimeSpan",
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
           "description": "Output only. Stores timing information for pulling this build step's builder image only.",
           "readOnly": true
         },
@@ -1534,14 +2220,14 @@
           "type": "string"
         },
         "timing": {
-          "$ref": "TimeSpan",
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
           "description": "Output only. Stores timing information for executing this build step.",
           "readOnly": true
         },
         "volumes": {
           "description": "List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.",
           "items": {
-            "$ref": "Volume"
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume"
           },
           "type": "array"
         },
@@ -1555,188 +2241,364 @@
       },
       "type": "object"
     },
-    "BuildType": {
-      "description": "Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.",
-      "id": "BuildType",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning": {
+      "description": "A non-fatal problem encountered during the execution of the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning",
       "properties": {
-        "builderVersion": {
-          "description": "Version of the builder which produced this Note.",
+        "priority": {
+          "description": "The priority for this warning.",
+          "enum": [
+            "PRIORITY_UNSPECIFIED",
+            "INFO",
+            "WARNING",
+            "ALERT"
+          ],
+          "enumDescriptions": [
+            "Should not be used.",
+            "e.g. deprecation warnings and alternative feature highlights.",
+            "e.g. automated detection of possible issues with the build.",
+            "e.g. alerts that a feature used in the build is pending removal"
+          ],
           "type": "string"
         },
-        "signature": {
-          "$ref": "BuildSignature",
-          "description": "Signature of the build in Occurrences pointing to the Note containing this `BuilderDetails`."
+        "text": {
+          "description": "Explanation of the warning generated.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "BuilderConfig": {
-      "id": "BuilderConfig",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage": {
+      "description": "An image built by the pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage",
       "properties": {
-        "id": {
+        "digest": {
+          "description": "Docker Registry 2.0 digest.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name used to push the container image to Google Container Registry, as presented to `docker push`.",
           "type": "string"
+        },
+        "pushTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pushing the specified image.",
+          "readOnly": true
         }
       },
       "type": "object"
     },
-    "CisBenchmark": {
-      "description": "A compliance check that is a CIS benchmark.",
-      "id": "CisBenchmark",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes": {
+      "description": "Container message for hashes of byte content of files, used in SourceProvenance messages to verify integrity of source input to the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes",
       "properties": {
-        "profileLevel": {
-          "description": "The profile level of this CIS benchmark check.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "severity": {
-          "description": "The severity level of this CIS benchmark check.",
+        "fileHash": {
+          "description": "Collection of file hashes.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash": {
+      "description": "Container message for hash values.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash",
+      "properties": {
+        "type": {
+          "description": "The type of hash that was performed.",
           "enum": [
-            "SEVERITY_UNSPECIFIED",
-            "MINIMAL",
-            "LOW",
-            "MEDIUM",
-            "HIGH",
-            "CRITICAL"
+            "NONE",
+            "SHA256",
+            "MD5"
           ],
           "enumDescriptions": [
-            "Unknown Impact",
-            "Minimal Impact",
-            "Low Impact",
-            "Medium Impact",
-            "High Impact",
-            "Critical Impact"
+            "No hash requested.",
+            "Use a sha256 hash.",
+            "Use a md5 hash."
           ],
           "type": "string"
+        },
+        "value": {
+          "description": "The hash value.",
+          "format": "byte",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "Command": {
-      "description": "Command describes a step performed as part of the build pipeline.",
-      "id": "Command",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret": {
+      "description": "Pairs a set of secret environment variables mapped to encrypted values with the Cloud KMS key to use to decrypt the value.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret",
       "properties": {
-        "args": {
-          "description": "Command-line arguments used when executing this Command.",
-          "items": {
+        "envMap": {
+          "additionalProperties": {
+            "format": "byte",
             "type": "string"
           },
-          "type": "array"
+          "description": "Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.",
+          "type": "object"
+        },
+        "kmsKeyName": {
+          "description": "Resource name of Cloud KMS crypto key to decrypt the encrypted value. In format: projects/*/locations/*/keyRings/*/cryptoKeys/*",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource": {
+      "description": "Location of the source in a Google Cloud Source Repository.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+      "properties": {
+        "branchName": {
+          "description": "Regex matching branches to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax",
+          "type": "string"
+        },
+        "commitSha": {
+          "description": "Explicit commit SHA to build.",
+          "type": "string"
         },
         "dir": {
-          "description": "Working directory (relative to project source root) used when running this Command.",
+          "description": "Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's `dir` is specified and is an absolute path, this value is ignored for that step's execution.",
           "type": "string"
         },
-        "env": {
-          "description": "Environment variables set before running this Command.",
+        "invertRegex": {
+          "description": "Only trigger a build if the revision regex does NOT match the revision regex.",
+          "type": "boolean"
+        },
+        "projectId": {
+          "description": "ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.",
+          "type": "string"
+        },
+        "repoName": {
+          "description": "Name of the Cloud Source Repository.",
+          "type": "string"
+        },
+        "substitutions": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Substitutions to use in a triggered build. Should only be used with RunBuildTrigger",
+          "type": "object"
+        },
+        "tagName": {
+          "description": "Regex matching tags to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Results": {
+      "description": "Artifacts created by the build pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Results",
+      "properties": {
+        "artifactManifest": {
+          "description": "Path to the artifact manifest. Only populated when artifacts are uploaded.",
+          "type": "string"
+        },
+        "artifactTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Time to push all non-container artifacts."
+        },
+        "buildStepImages": {
+          "description": "List of build step digests, in the order corresponding to build step indices.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
-        "id": {
-          "description": "Optional unique identifier for this Command, used in wait_for to reference this Command as a dependency.",
+        "buildStepOutputs": {
+          "description": "List of build step outputs, produced by builder images, in the order corresponding to build step indices. [Cloud Builders](https://cloud.google.com/cloud-build/docs/cloud-builders) can produce this output by writing to `$BUILDER_OUTPUT/output`. Only the first 4KB of data is stored.",
+          "items": {
+            "format": "byte",
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "images": {
+          "description": "Container images that were built as a part of the build.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage"
+          },
+          "type": "array"
+        },
+        "numArtifacts": {
+          "description": "Number of artifacts uploaded. Only populated when artifacts are uploaded.",
+          "format": "int64",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret": {
+      "description": "Pairs a set of secret environment variables containing encrypted values with the Cloud KMS key to use to decrypt the value. Note: Use `kmsKeyName` with `available_secrets` instead of using `kmsKeyName` with `secret`. For instructions see: https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-credentials.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret",
+      "properties": {
+        "kmsKeyName": {
+          "description": "Cloud KMS key name to use to decrypt these envs.",
+          "type": "string"
+        },
+        "secretEnv": {
+          "additionalProperties": {
+            "format": "byte",
+            "type": "string"
+          },
+          "description": "Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret": {
+      "description": "Pairs a secret environment variable with a SecretVersion in Secret Manager.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret",
+      "properties": {
+        "env": {
+          "description": "Environment variable name to associate with the secret. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step.",
           "type": "string"
         },
-        "name": {
-          "description": "Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.",
+        "versionName": {
+          "description": "Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets": {
+      "description": "Secrets and secret environment variables.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets",
+      "properties": {
+        "inline": {
+          "description": "Secrets encrypted with KMS key and the associated secret environment variable.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret"
+          },
+          "type": "array"
         },
-        "waitFor": {
-          "description": "The ID(s) of the Command(s) that this Command depends on.",
+        "secretManager": {
+          "description": "Secrets in Secret Manager and associated secret environment variable.",
           "items": {
-            "type": "string"
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret"
           },
           "type": "array"
         }
       },
       "type": "object"
     },
-    "Completeness": {
-      "description": "Indicates that the builder claims certain fields in this message to be complete.",
-      "id": "Completeness",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Source": {
+      "description": "Location of the source in a supported storage service.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Source",
       "properties": {
-        "arguments": {
-          "description": "If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.",
-          "type": "boolean"
+        "repoSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+          "description": "If provided, get the source from this location in a Cloud Source Repository."
         },
-        "environment": {
-          "description": "If true, the builder claims that recipe.environment is claimed to be complete.",
-          "type": "boolean"
+        "storageSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+          "description": "If provided, get the source from this location in Google Cloud Storage."
         },
-        "materials": {
-          "description": "If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\".",
-          "type": "boolean"
+        "storageSourceManifest": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+          "description": "If provided, get the source from this manifest in Google Cloud Storage. This feature is in Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher)."
         }
       },
       "type": "object"
     },
-    "ComplianceNote": {
-      "description": "ComplianceNote encapsulates all information about a specific compliance check.",
-      "id": "ComplianceNote",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance": {
+      "description": "Provenance of the source. Ways to find the original source, or verify that some source was used for this build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance",
       "properties": {
-        "cisBenchmark": {
-          "$ref": "CisBenchmark",
-          "description": "Right now we only have one compliance type, but we may add additional types in the future."
+        "fileHashes": {
+          "additionalProperties": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes"
+          },
+          "description": "Output only. Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. Note that `FileHashes` will only be populated if `BuildOptions` has requested a `SourceProvenanceHash`. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (`.tar.gz`), the `FileHash` will be for the single path to that file.",
+          "readOnly": true,
+          "type": "object"
         },
-        "description": {
-          "description": "A description about this compliance check.",
-          "type": "string"
+        "resolvedRepoSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+          "description": "A copy of the build's `source.repo_source`, if exists, with any revisions resolved."
         },
-        "rationale": {
-          "description": "A rationale for the existence of this compliance check.",
+        "resolvedStorageSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+          "description": "A copy of the build's `source.storage_source`, if exists, with any generations resolved."
+        },
+        "resolvedStorageSourceManifest": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+          "description": "A copy of the build's `source.storage_source_manifest`, if exists, with any revisions resolved. This feature is in Preview."
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource": {
+      "description": "Location of the source in an archive file in Google Cloud Storage.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+      "properties": {
+        "bucket": {
+          "description": "Google Cloud Storage bucket containing the source (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).",
           "type": "string"
         },
-        "remediation": {
-          "description": "A description of remediation steps if the compliance check fails.",
+        "generation": {
+          "description": "Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.",
+          "format": "int64",
           "type": "string"
         },
-        "scanInstructions": {
-          "description": "Serialized scan instructions with a predefined format.",
-          "format": "byte",
+        "object": {
+          "description": "Google Cloud Storage object containing the source. This object must be a zipped (`.zip`) or gzipped archive file (`.tar.gz`) containing source to build.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest": {
+      "description": "Location of the source manifest in Google Cloud Storage. This feature is in Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher).",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+      "properties": {
+        "bucket": {
+          "description": "Google Cloud Storage bucket containing the source manifest (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).",
           "type": "string"
         },
-        "title": {
-          "description": "The title that identifies this compliance check.",
+        "generation": {
+          "description": "Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.",
+          "format": "int64",
           "type": "string"
         },
-        "version": {
-          "description": "The OS and config versions the benchmark applies to.",
-          "items": {
-            "$ref": "ComplianceVersion"
-          },
-          "type": "array"
+        "object": {
+          "description": "Google Cloud Storage object containing the source manifest. This object must be a JSON file.",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ComplianceOccurrence": {
-      "description": "An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason.",
-      "id": "ComplianceOccurrence",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan": {
+      "description": "Start and end times for a build execution phase.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
       "properties": {
-        "nonComplianceReason": {
-          "description": "The reason for non compliance of these files.",
+        "endTime": {
+          "description": "End of time span.",
+          "format": "google-datetime",
           "type": "string"
         },
-        "nonCompliantFiles": {
-          "description": "A list of files which are violating compliance checks.",
-          "items": {
-            "$ref": "NonCompliantFile"
-          },
-          "type": "array"
+        "startTime": {
+          "description": "Start of time span.",
+          "format": "google-datetime",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ComplianceVersion": {
-      "description": "Describes the CIS benchmark version that is applicable to a given OS and os version.",
-      "id": "ComplianceVersion",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume": {
+      "description": "Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume",
       "properties": {
-        "cpeUri": {
-          "description": "The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.",
+        "name": {
+          "description": "Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.",
           "type": "string"
         },
-        "version": {
-          "description": "The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.",
+        "path": {
+          "description": "Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.",
           "type": "string"
         }
       },
@@ -2396,7 +3258,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -2626,22 +3488,28 @@
       "description": "Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always \"application/vnd.in-toto+json\".",
       "id": "InTotoStatement",
       "properties": {
+        "_type": {
+          "description": "Always \"https://in-toto.io/Statement/v0.1\".",
+          "type": "string"
+        },
         "predicateType": {
-          "description": "\"https://in-toto.io/Provenance/v0.1\" for InTotoProvenance.",
+          "description": "\"https://slsa.dev/provenance/v0.1\" for SlsaProvenance.",
           "type": "string"
         },
         "provenance": {
-          "$ref": "InTotoProvenance"
+          "$ref": "InTotoProvenance",
+          "description": "provenance is a predicate of type intotoprovenance"
+        },
+        "slsaProvenance": {
+          "$ref": "SlsaProvenance",
+          "description": "slsa_provenance is a predicate of type slsaProvenance"
         },
         "subject": {
+          "description": "subject is the subjects of the intoto statement",
           "items": {
             "$ref": "Subject"
           },
           "type": "array"
-        },
-        "type": {
-          "description": "Always \"https://in-toto.io/Statement/v0.1\".",
-          "type": "string"
         }
       },
       "type": "object"
@@ -2825,6 +3693,24 @@
       },
       "type": "object"
     },
+    "Material": {
+      "description": "Material is a material used in the generation of the provenance",
+      "id": "Material",
+      "properties": {
+        "digest": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "digest is a map from a hash algorithm (e.g. sha256) to the value in the material",
+          "type": "object"
+        },
+        "uri": {
+          "description": "uri is the uri of the material",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Metadata": {
       "description": "Other properties of the build.",
       "id": "Metadata",
@@ -3817,6 +4703,127 @@
       },
       "type": "object"
     },
+    "SlsaBuilder": {
+      "description": "SlsaBuilder encapsulates the identity of the builder of this provenance.",
+      "id": "SlsaBuilder",
+      "properties": {
+        "id": {
+          "description": "id is the id of the slsa provenance builder",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaCompleteness": {
+      "description": "Indicates that the builder claims certain fields in this message to be complete.",
+      "id": "SlsaCompleteness",
+      "properties": {
+        "arguments": {
+          "description": "If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.",
+          "type": "boolean"
+        },
+        "environment": {
+          "description": "If true, the builder claims that recipe.environment is claimed to be complete.",
+          "type": "boolean"
+        },
+        "materials": {
+          "description": "If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called \"hermetic\".",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaMetadata": {
+      "description": "Other properties of the build.",
+      "id": "SlsaMetadata",
+      "properties": {
+        "buildFinishedOn": {
+          "description": "The timestamp of when the build completed.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "buildInvocationId": {
+          "description": "Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.",
+          "type": "string"
+        },
+        "buildStartedOn": {
+          "description": "The timestamp of when the build started.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "completeness": {
+          "$ref": "SlsaCompleteness",
+          "description": "Indicates that the builder claims certain fields in this message to be complete."
+        },
+        "reproducible": {
+          "description": "If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "SlsaProvenance": {
+      "description": "SlsaProvenance is the slsa provenance as defined by the slsa spec.",
+      "id": "SlsaProvenance",
+      "properties": {
+        "builder": {
+          "$ref": "SlsaBuilder",
+          "description": "builder is the builder of this provenance"
+        },
+        "materials": {
+          "description": "The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.",
+          "items": {
+            "$ref": "Material"
+          },
+          "type": "array"
+        },
+        "metadata": {
+          "$ref": "SlsaMetadata",
+          "description": "metadata is the metadata of the provenance"
+        },
+        "recipe": {
+          "$ref": "SlsaRecipe",
+          "description": "Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible)."
+        }
+      },
+      "type": "object"
+    },
+    "SlsaRecipe": {
+      "description": "Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe.",
+      "id": "SlsaRecipe",
+      "properties": {
+        "arguments": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were \"make\", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.",
+          "type": "object"
+        },
+        "definedInMaterial": {
+          "description": "Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were \"make\", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.",
+          "format": "int64",
+          "type": "string"
+        },
+        "entryPoint": {
+          "description": "String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were \"make\", then this would reference the directory in which to run make as well as which target to use.",
+          "type": "string"
+        },
+        "environment": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.",
+          "type": "object"
+        },
+        "type": {
+          "description": "URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Source": {
       "description": "Source describes the location of the source used for the build.",
       "id": "Source",
@@ -3902,16 +4909,18 @@
       "type": "object"
     },
     "Subject": {
+      "description": "Subject refers to the subject of the intoto statement",
       "id": "Subject",
       "properties": {
         "digest": {
           "additionalProperties": {
             "type": "string"
           },
-          "description": "\"\": \"\"",
+          "description": "\"\": \"\" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet",
           "type": "object"
         },
         "name": {
+          "description": "name is the name of the Subject used here",
           "type": "string"
         }
       },
@@ -3945,23 +4954,6 @@
       },
       "type": "object"
     },
-    "TimeSpan": {
-      "description": "Start and end times for a build execution phase.",
-      "id": "TimeSpan",
-      "properties": {
-        "endTime": {
-          "description": "End of time span.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "startTime": {
-          "description": "Start of time span.",
-          "format": "google-datetime",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "UpdateOperationRequest": {
       "description": "Request for updating an existing operation",
       "id": "UpdateOperationRequest",
@@ -4083,21 +5075,6 @@
       },
       "type": "object"
     },
-    "Volume": {
-      "description": "Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.",
-      "id": "Volume",
-      "properties": {
-        "name": {
-          "description": "Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.",
-          "type": "string"
-        },
-        "path": {
-          "description": "Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "VulnerabilityDetails": {
       "description": "Used by Occurrence to point to where the vulnerability exists and how to fix it.",
       "id": "VulnerabilityDetails",
diff --git a/googleapiclient/discovery_cache/documents/containeranalysis.v1beta1.json b/googleapiclient/discovery_cache/documents/containeranalysis.v1beta1.json
index 8e9fe772f07..0450b071af3 100644
--- a/googleapiclient/discovery_cache/documents/containeranalysis.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/containeranalysis.v1beta1.json
@@ -853,7 +853,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211105",
   "rootUrl": "https://containeranalysis.googleapis.com/",
   "schemas": {
     "AliasContext": {
@@ -1166,9 +1166,717 @@
       },
       "type": "object"
     },
-    "BuildStep": {
+    "ByProducts": {
+      "description": "Defines an object for the byproducts field in in-toto links. The suggested fields are \"stderr\", \"stdout\", and \"return-value\".",
+      "id": "ByProducts",
+      "properties": {
+        "customValues": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "CVSSv3": {
+      "description": "Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document",
+      "id": "CVSSv3",
+      "properties": {
+        "attackComplexity": {
+          "enum": [
+            "ATTACK_COMPLEXITY_UNSPECIFIED",
+            "ATTACK_COMPLEXITY_LOW",
+            "ATTACK_COMPLEXITY_HIGH"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "attackVector": {
+          "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.",
+          "enum": [
+            "ATTACK_VECTOR_UNSPECIFIED",
+            "ATTACK_VECTOR_NETWORK",
+            "ATTACK_VECTOR_ADJACENT",
+            "ATTACK_VECTOR_LOCAL",
+            "ATTACK_VECTOR_PHYSICAL"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "availabilityImpact": {
+          "enum": [
+            "IMPACT_UNSPECIFIED",
+            "IMPACT_HIGH",
+            "IMPACT_LOW",
+            "IMPACT_NONE"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "baseScore": {
+          "description": "The base score is a function of the base metric scores.",
+          "format": "float",
+          "type": "number"
+        },
+        "confidentialityImpact": {
+          "enum": [
+            "IMPACT_UNSPECIFIED",
+            "IMPACT_HIGH",
+            "IMPACT_LOW",
+            "IMPACT_NONE"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "exploitabilityScore": {
+          "format": "float",
+          "type": "number"
+        },
+        "impactScore": {
+          "format": "float",
+          "type": "number"
+        },
+        "integrityImpact": {
+          "enum": [
+            "IMPACT_UNSPECIFIED",
+            "IMPACT_HIGH",
+            "IMPACT_LOW",
+            "IMPACT_NONE"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "privilegesRequired": {
+          "enum": [
+            "PRIVILEGES_REQUIRED_UNSPECIFIED",
+            "PRIVILEGES_REQUIRED_NONE",
+            "PRIVILEGES_REQUIRED_LOW",
+            "PRIVILEGES_REQUIRED_HIGH"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "scope": {
+          "enum": [
+            "SCOPE_UNSPECIFIED",
+            "SCOPE_UNCHANGED",
+            "SCOPE_CHANGED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        },
+        "userInteraction": {
+          "enum": [
+            "USER_INTERACTION_UNSPECIFIED",
+            "USER_INTERACTION_NONE",
+            "USER_INTERACTION_REQUIRED"
+          ],
+          "enumDescriptions": [
+            "",
+            "",
+            ""
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CloudRepoSourceContext": {
+      "description": "A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.",
+      "id": "CloudRepoSourceContext",
+      "properties": {
+        "aliasContext": {
+          "$ref": "AliasContext",
+          "description": "An alias, which may be a branch or tag."
+        },
+        "repoId": {
+          "$ref": "RepoId",
+          "description": "The ID of the repo."
+        },
+        "revisionId": {
+          "description": "A revision ID.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Command": {
+      "description": "Command describes a step performed as part of the build pipeline.",
+      "id": "Command",
+      "properties": {
+        "args": {
+          "description": "Command-line arguments used when executing this command.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "dir": {
+          "description": "Working directory (relative to project source root) used when running this command.",
+          "type": "string"
+        },
+        "env": {
+          "description": "Environment variables set before running this command.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "id": {
+          "description": "Optional unique identifier for this command, used in wait_for to reference this command as a dependency.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.",
+          "type": "string"
+        },
+        "waitFor": {
+          "description": "The ID(s) of the command(s) that this command depends on.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig": {
+      "description": "ApprovalConfig describes configuration for manual approval of a build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig",
+      "properties": {
+        "approvalRequired": {
+          "description": "Whether or not approval is needed. If this is set on a build, it will become pending when created, and will need to be explicitly approved to start.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult": {
+      "description": "ApprovalResult describes the decision and associated metadata of a manual approval of a build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult",
+      "properties": {
+        "approvalTime": {
+          "description": "Output only. The time when the approval decision was made.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "approverAccount": {
+          "description": "Output only. Email of the user that called the ApproveBuild API to approve or reject a build at the time that the API was called.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "comment": {
+          "description": "Optional. An optional comment for this manual approval result.",
+          "type": "string"
+        },
+        "decision": {
+          "description": "Required. The decision of this manual approval.",
+          "enum": [
+            "DECISION_UNSPECIFIED",
+            "APPROVED",
+            "REJECTED"
+          ],
+          "enumDescriptions": [
+            "Default enum type. This should not be used.",
+            "Build is approved.",
+            "Build is rejected."
+          ],
+          "type": "string"
+        },
+        "url": {
+          "description": "Optional. An optional URL tied to this manual approval result. This field is essentially the same as comment, except that it will be rendered by the UI differently. An example use case is a link to an external job that approved this Build.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts": {
+      "description": "Artifacts produced by a build that should be uploaded upon successful completion of all build steps.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts",
+      "properties": {
+        "images": {
+          "description": "A list of images to be pushed upon the successful completion of all build steps. The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "objects": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects",
+          "description": "A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. Files in the workspace matching specified paths globs will be uploaded to the specified Cloud Storage location using the builder service account's credentials. The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE."
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects": {
+      "description": "Files in the workspace to upload to Cloud Storage upon successful completion of all build steps.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects",
+      "properties": {
+        "location": {
+          "description": "Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\". (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix.",
+          "type": "string"
+        },
+        "paths": {
+          "description": "Path globs used to match files in the build's workspace.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "timing": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pushing all artifact objects.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Build": {
+      "description": "A build resource in the Cloud Build API. At a high level, a `Build` describes where to find source code, how to build it (for example, the builder image to run on the source), and where to store the built artifacts. Fields can include the following variables, which will be expanded when the build is created: - $PROJECT_ID: the project ID of the build. - $PROJECT_NUMBER: the project number of the build. - $LOCATION: the location/region of the build. - $BUILD_ID: the autogenerated ID of the build. - $REPO_NAME: the source repository name specified by RepoSource. - $BRANCH_NAME: the branch name specified by RepoSource. - $TAG_NAME: the tag name specified by RepoSource. - $REVISION_ID or $COMMIT_SHA: the commit SHA specified by RepoSource or resolved from the specified branch or tag. - $SHORT_SHA: first 7 characters of $REVISION_ID or $COMMIT_SHA.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Build",
+      "properties": {
+        "approval": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval",
+          "description": "Output only. Describes this build's approval configuration, status, and result.",
+          "readOnly": true
+        },
+        "artifacts": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts",
+          "description": "Artifacts produced by the build that should be uploaded upon successful completion of all build steps."
+        },
+        "availableSecrets": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets",
+          "description": "Secrets and secret environment variables."
+        },
+        "buildTriggerId": {
+          "description": "Output only. The ID of the `BuildTrigger` that triggered this build, if it was triggered automatically.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time at which the request to create the build was received.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "failureInfo": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo",
+          "description": "Output only. Contains information about the build when status=FAILURE.",
+          "readOnly": true
+        },
+        "finishTime": {
+          "description": "Output only. Time at which execution of the build was finished. The difference between finish_time and start_time is the duration of the build's execution.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "id": {
+          "description": "Output only. Unique identifier of the build.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "images": {
+          "description": "A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the `Build` resource's results field. If any of the images fail to be pushed, the build status is marked `FAILURE`.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logUrl": {
+          "description": "Output only. URL to logs for this build in Google Cloud Console.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "logsBucket": {
+          "description": "Google Cloud Storage bucket where logs should be written (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Logs file names will be of the format `${logs_bucket}/log-${build_id}.txt`.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. The 'Build' name with format: `projects/{project}/locations/{location}/builds/{build}`, where {build} is a unique identifier generated by the service.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "options": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions",
+          "description": "Special options for this build."
+        },
+        "projectId": {
+          "description": "Output only. ID of the project.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "queueTtl": {
+          "description": "TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be `EXPIRED`. The TTL starts ticking from create_time.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "results": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Results",
+          "description": "Output only. Results of the build.",
+          "readOnly": true
+        },
+        "secrets": {
+          "description": "Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is the recommended technique for managing sensitive data with Cloud Build. Use `available_secrets` to configure builds to access secrets from Secret Manager. For instructions, see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret"
+          },
+          "type": "array"
+        },
+        "serviceAccount": {
+          "description": "IAM service account whose credentials will be used at build runtime. Must be of the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. ACCOUNT can be email address or uniqueId of the service account. ",
+          "type": "string"
+        },
+        "source": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Source",
+          "description": "The location of the source files to build."
+        },
+        "sourceProvenance": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance",
+          "description": "Output only. A permanent fixed identifier for source.",
+          "readOnly": true
+        },
+        "startTime": {
+          "description": "Output only. Time at which execution of the build was started.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "status": {
+          "description": "Output only. Status of the build.",
+          "enum": [
+            "STATUS_UNKNOWN",
+            "PENDING",
+            "QUEUED",
+            "WORKING",
+            "SUCCESS",
+            "FAILURE",
+            "INTERNAL_ERROR",
+            "TIMEOUT",
+            "CANCELLED",
+            "EXPIRED"
+          ],
+          "enumDescriptions": [
+            "Status of the build is unknown.",
+            "Build has been created and is pending execution and queuing. It has not been queued.",
+            "Build or step is queued; work has not yet begun.",
+            "Build or step is being executed.",
+            "Build or step finished successfully.",
+            "Build or step failed to complete successfully.",
+            "Build or step failed due to an internal cause.",
+            "Build or step took longer than was allowed.",
+            "Build or step was canceled by a user.",
+            "Build was enqueued for longer than the value of `queue_ttl`."
+          ],
+          "readOnly": true,
+          "type": "string"
+        },
+        "statusDetail": {
+          "description": "Output only. Customer-readable message about the current status.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "steps": {
+          "description": "Required. The operations to be performed on the workspace.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep"
+          },
+          "type": "array"
+        },
+        "substitutions": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Substitutions data for `Build` resource.",
+          "type": "object"
+        },
+        "tags": {
+          "description": "Tags for annotation of a `Build`. These are not docker tags.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "timeout": {
+          "description": "Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be `TIMEOUT`. `timeout` starts ticking from `startTime`. Default time is ten minutes.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "timing": {
+          "additionalProperties": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan"
+          },
+          "description": "Output only. Stores timing information for phases of the build. Valid keys are: * BUILD: time to execute all build steps. * PUSH: time to push all specified images. * FETCHSOURCE: time to fetch source. * SETUPBUILD: time to set up build. If the build does not specify source or images, these keys will not be included.",
+          "readOnly": true,
+          "type": "object"
+        },
+        "warnings": {
+          "description": "Output only. Non-fatal problems encountered during the execution of the build.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning"
+          },
+          "readOnly": true,
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval": {
+      "description": "BuildApproval describes a build's approval configuration, state, and result.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval",
+      "properties": {
+        "config": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig",
+          "description": "Output only. Configuration for manual approval of this build.",
+          "readOnly": true
+        },
+        "result": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult",
+          "description": "Output only. Result of manual approval for this Build.",
+          "readOnly": true
+        },
+        "state": {
+          "description": "Output only. The state of this build's approval.",
+          "enum": [
+            "STATE_UNSPECIFIED",
+            "PENDING",
+            "APPROVED",
+            "REJECTED",
+            "CANCELLED"
+          ],
+          "enumDescriptions": [
+            "Default enum type. This should not be used.",
+            "Build approval is pending.",
+            "Build approval has been approved.",
+            "Build approval has been rejected.",
+            "Build was cancelled while it was still pending approval."
+          ],
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo": {
+      "description": "A fatal problem encountered during the execution of the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo",
+      "properties": {
+        "detail": {
+          "description": "Explains the failure issue in more detail using hard-coded text.",
+          "type": "string"
+        },
+        "type": {
+          "description": "The name of the failure.",
+          "enum": [
+            "FAILURE_TYPE_UNSPECIFIED",
+            "PUSH_FAILED",
+            "PUSH_IMAGE_NOT_FOUND",
+            "PUSH_NOT_AUTHORIZED",
+            "LOGGING_FAILURE",
+            "USER_BUILD_STEP",
+            "FETCH_SOURCE_FAILED"
+          ],
+          "enumDescriptions": [
+            "Type unspecified",
+            "Unable to push the image to the repository.",
+            "Final image not found.",
+            "Unauthorized push of the final image.",
+            "Backend logging failures. Should retry.",
+            "A build step has failed.",
+            "The source fetching has failed."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions": {
+      "description": "Optional arguments to enable specific features of builds.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions",
+      "properties": {
+        "diskSizeGb": {
+          "description": "Requested disk size for the VM that runs the build. Note that this is *NOT* \"disk free\"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 1000GB; builds that request more than the maximum are rejected with an error.",
+          "format": "int64",
+          "type": "string"
+        },
+        "dynamicSubstitutions": {
+          "description": "Option to specify whether or not to apply bash style string operations to the substitutions. NOTE: this is always enabled for triggered builds and cannot be overridden in the build configuration file.",
+          "type": "boolean"
+        },
+        "env": {
+          "description": "A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined in both globally and in a build step, the variable will use the build step value. The elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "logStreamingOption": {
+          "description": "Option to define build log streaming behavior to Google Cloud Storage.",
+          "enum": [
+            "STREAM_DEFAULT",
+            "STREAM_ON",
+            "STREAM_OFF"
+          ],
+          "enumDescriptions": [
+            "Service may automatically determine build log streaming behavior.",
+            "Build logs should be streamed to Google Cloud Storage.",
+            "Build logs should not be streamed to Google Cloud Storage; they will be written when the build is completed."
+          ],
+          "type": "string"
+        },
+        "logging": {
+          "description": "Option to specify the logging mode, which determines if and where build logs are stored.",
+          "enum": [
+            "LOGGING_UNSPECIFIED",
+            "LEGACY",
+            "GCS_ONLY",
+            "STACKDRIVER_ONLY",
+            "CLOUD_LOGGING_ONLY",
+            "NONE"
+          ],
+          "enumDescriptions": [
+            "The service determines the logging mode. The default is `LEGACY`. Do not rely on the default logging behavior as it may change in the future.",
+            "Build logs are stored in Cloud Logging and Cloud Storage.",
+            "Build logs are stored in Cloud Storage.",
+            "This option is the same as CLOUD_LOGGING_ONLY.",
+            "Build logs are stored in Cloud Logging. Selecting this option will not allow [logs streaming](https://cloud.google.com/sdk/gcloud/reference/builds/log).",
+            "Turn off all logging. No build logs will be captured."
+          ],
+          "type": "string"
+        },
+        "machineType": {
+          "description": "Compute Engine machine type on which to run the build.",
+          "enum": [
+            "UNSPECIFIED",
+            "N1_HIGHCPU_8",
+            "N1_HIGHCPU_32",
+            "E2_HIGHCPU_8",
+            "E2_HIGHCPU_32"
+          ],
+          "enumDescriptions": [
+            "Standard machine type.",
+            "Highcpu machine with 8 CPUs.",
+            "Highcpu machine with 32 CPUs.",
+            "Highcpu e2 machine with 8 CPUs.",
+            "Highcpu e2 machine with 32 CPUs."
+          ],
+          "type": "string"
+        },
+        "pool": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption",
+          "description": "Optional. Specification for execution on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information."
+        },
+        "requestedVerifyOption": {
+          "description": "Requested verifiability options.",
+          "enum": [
+            "NOT_VERIFIED",
+            "VERIFIED"
+          ],
+          "enumDescriptions": [
+            "Not a verifiable build. (default)",
+            "Verified build."
+          ],
+          "type": "string"
+        },
+        "secretEnv": {
+          "description": "A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`. These variables will be available to all build steps in this build.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "sourceProvenanceHash": {
+          "description": "Requested hash for SourceProvenance.",
+          "items": {
+            "enum": [
+              "NONE",
+              "SHA256",
+              "MD5"
+            ],
+            "enumDescriptions": [
+              "No hash requested.",
+              "Use a sha256 hash.",
+              "Use a md5 hash."
+            ],
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "substitutionOption": {
+          "description": "Option to specify behavior when there is an error in the substitution checks. NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file.",
+          "enum": [
+            "MUST_MATCH",
+            "ALLOW_LOOSE"
+          ],
+          "enumDescriptions": [
+            "Fails the build if error in substitutions checks, like missing a substitution in the template or in the map.",
+            "Do not fail the build if error in substitutions checks."
+          ],
+          "type": "string"
+        },
+        "volumes": {
+          "description": "Global list of volumes to mount for ALL build steps Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined a build step. Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume"
+          },
+          "type": "array"
+        },
+        "workerPool": {
+          "description": "This field deprecated; please use `pool.name` instead.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption": {
+      "description": "Details about how a build should be executed on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption",
+      "properties": {
+        "name": {
+          "description": "The `WorkerPool` resource to execute the build on. You must have `cloudbuild.workerpools.use` on the project hosting the WorkerPool. Format projects/{project}/locations/{location}/workerPools/{workerPoolId}",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep": {
       "description": "A step in the build pipeline.",
-      "id": "BuildStep",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep",
       "properties": {
         "args": {
           "description": "A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the `args` are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments.",
@@ -1201,7 +1909,7 @@
           "type": "string"
         },
         "pullTiming": {
-          "$ref": "TimeSpan",
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
           "description": "Output only. Stores timing information for pulling this build step's builder image only.",
           "readOnly": true
         },
@@ -1251,232 +1959,386 @@
           "type": "string"
         },
         "timing": {
-          "$ref": "TimeSpan",
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
           "description": "Output only. Stores timing information for executing this build step.",
           "readOnly": true
         },
         "volumes": {
           "description": "List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.",
           "items": {
-            "$ref": "Volume"
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume"
+          },
+          "type": "array"
+        },
+        "waitFor": {
+          "description": "The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in `wait_for` have completed successfully. If `wait_for` is empty, this build step will start when all previous build steps in the `Build.Steps` list have completed successfully.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning": {
+      "description": "A non-fatal problem encountered during the execution of the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning",
+      "properties": {
+        "priority": {
+          "description": "The priority for this warning.",
+          "enum": [
+            "PRIORITY_UNSPECIFIED",
+            "INFO",
+            "WARNING",
+            "ALERT"
+          ],
+          "enumDescriptions": [
+            "Should not be used.",
+            "e.g. deprecation warnings and alternative feature highlights.",
+            "e.g. automated detection of possible issues with the build.",
+            "e.g. alerts that a feature used in the build is pending removal"
+          ],
+          "type": "string"
+        },
+        "text": {
+          "description": "Explanation of the warning generated.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage": {
+      "description": "An image built by the pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage",
+      "properties": {
+        "digest": {
+          "description": "Docker Registry 2.0 digest.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name used to push the container image to Google Container Registry, as presented to `docker push`.",
+          "type": "string"
+        },
+        "pushTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Output only. Stores timing information for pushing the specified image.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes": {
+      "description": "Container message for hashes of byte content of files, used in SourceProvenance messages to verify integrity of source input to the build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes",
+      "properties": {
+        "fileHash": {
+          "description": "Collection of file hashes.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash": {
+      "description": "Container message for hash values.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Hash",
+      "properties": {
+        "type": {
+          "description": "The type of hash that was performed.",
+          "enum": [
+            "NONE",
+            "SHA256",
+            "MD5"
+          ],
+          "enumDescriptions": [
+            "No hash requested.",
+            "Use a sha256 hash.",
+            "Use a md5 hash."
+          ],
+          "type": "string"
+        },
+        "value": {
+          "description": "The hash value.",
+          "format": "byte",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret": {
+      "description": "Pairs a set of secret environment variables mapped to encrypted values with the Cloud KMS key to use to decrypt the value.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret",
+      "properties": {
+        "envMap": {
+          "additionalProperties": {
+            "format": "byte",
+            "type": "string"
+          },
+          "description": "Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.",
+          "type": "object"
+        },
+        "kmsKeyName": {
+          "description": "Resource name of Cloud KMS crypto key to decrypt the encrypted value. In format: projects/*/locations/*/keyRings/*/cryptoKeys/*",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource": {
+      "description": "Location of the source in a Google Cloud Source Repository.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+      "properties": {
+        "branchName": {
+          "description": "Regex matching branches to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax",
+          "type": "string"
+        },
+        "commitSha": {
+          "description": "Explicit commit SHA to build.",
+          "type": "string"
+        },
+        "dir": {
+          "description": "Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's `dir` is specified and is an absolute path, this value is ignored for that step's execution.",
+          "type": "string"
+        },
+        "invertRegex": {
+          "description": "Only trigger a build if the revision regex does NOT match the revision regex.",
+          "type": "boolean"
+        },
+        "projectId": {
+          "description": "ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.",
+          "type": "string"
+        },
+        "repoName": {
+          "description": "Name of the Cloud Source Repository.",
+          "type": "string"
+        },
+        "substitutions": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Substitutions to use in a triggered build. Should only be used with RunBuildTrigger",
+          "type": "object"
+        },
+        "tagName": {
+          "description": "Regex matching tags to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Results": {
+      "description": "Artifacts created by the build pipeline.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Results",
+      "properties": {
+        "artifactManifest": {
+          "description": "Path to the artifact manifest. Only populated when artifacts are uploaded.",
+          "type": "string"
+        },
+        "artifactTiming": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
+          "description": "Time to push all non-container artifacts."
+        },
+        "buildStepImages": {
+          "description": "List of build step digests, in the order corresponding to build step indices.",
+          "items": {
+            "type": "string"
           },
           "type": "array"
         },
-        "waitFor": {
-          "description": "The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in `wait_for` have completed successfully. If `wait_for` is empty, this build step will start when all previous build steps in the `Build.Steps` list have completed successfully.",
+        "buildStepOutputs": {
+          "description": "List of build step outputs, produced by builder images, in the order corresponding to build step indices. [Cloud Builders](https://cloud.google.com/cloud-build/docs/cloud-builders) can produce this output by writing to `$BUILDER_OUTPUT/output`. Only the first 4KB of data is stored.",
           "items": {
+            "format": "byte",
             "type": "string"
           },
           "type": "array"
+        },
+        "images": {
+          "description": "Container images that were built as a part of the build.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1BuiltImage"
+          },
+          "type": "array"
+        },
+        "numArtifacts": {
+          "description": "Number of artifacts uploaded. Only populated when artifacts are uploaded.",
+          "format": "int64",
+          "type": "string"
         }
       },
       "type": "object"
     },
-    "ByProducts": {
-      "description": "Defines an object for the byproducts field in in-toto links. The suggested fields are \"stderr\", \"stdout\", and \"return-value\".",
-      "id": "ByProducts",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret": {
+      "description": "Pairs a set of secret environment variables containing encrypted values with the Cloud KMS key to use to decrypt the value. Note: Use `kmsKeyName` with `available_secrets` instead of using `kmsKeyName` with `secret`. For instructions see: https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-credentials.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secret",
       "properties": {
-        "customValues": {
+        "kmsKeyName": {
+          "description": "Cloud KMS key name to use to decrypt these envs.",
+          "type": "string"
+        },
+        "secretEnv": {
           "additionalProperties": {
+            "format": "byte",
             "type": "string"
           },
+          "description": "Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.",
           "type": "object"
         }
       },
       "type": "object"
     },
-    "CVSSv3": {
-      "description": "Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document",
-      "id": "CVSSv3",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret": {
+      "description": "Pairs a secret environment variable with a SecretVersion in Secret Manager.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret",
       "properties": {
-        "attackComplexity": {
-          "enum": [
-            "ATTACK_COMPLEXITY_UNSPECIFIED",
-            "ATTACK_COMPLEXITY_LOW",
-            "ATTACK_COMPLEXITY_HIGH"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
-        },
-        "attackVector": {
-          "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.",
-          "enum": [
-            "ATTACK_VECTOR_UNSPECIFIED",
-            "ATTACK_VECTOR_NETWORK",
-            "ATTACK_VECTOR_ADJACENT",
-            "ATTACK_VECTOR_LOCAL",
-            "ATTACK_VECTOR_PHYSICAL"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            "",
-            ""
-          ],
+        "env": {
+          "description": "Environment variable name to associate with the secret. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step.",
           "type": "string"
         },
-        "availabilityImpact": {
-          "enum": [
-            "IMPACT_UNSPECIFIED",
-            "IMPACT_HIGH",
-            "IMPACT_LOW",
-            "IMPACT_NONE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
+        "versionName": {
+          "description": "Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*",
           "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets": {
+      "description": "Secrets and secret environment variables.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets",
+      "properties": {
+        "inline": {
+          "description": "Secrets encrypted with KMS key and the associated secret environment variable.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1InlineSecret"
+          },
+          "type": "array"
         },
-        "baseScore": {
-          "description": "The base score is a function of the base metric scores.",
-          "format": "float",
-          "type": "number"
+        "secretManager": {
+          "description": "Secrets in Secret Manager and associated secret environment variable.",
+          "items": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1SecretManagerSecret"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Source": {
+      "description": "Location of the source in a supported storage service.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Source",
+      "properties": {
+        "repoSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+          "description": "If provided, get the source from this location in a Cloud Source Repository."
         },
-        "confidentialityImpact": {
-          "enum": [
-            "IMPACT_UNSPECIFIED",
-            "IMPACT_HIGH",
-            "IMPACT_LOW",
-            "IMPACT_NONE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
+        "storageSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+          "description": "If provided, get the source from this location in Google Cloud Storage."
         },
-        "exploitabilityScore": {
-          "format": "float",
-          "type": "number"
+        "storageSourceManifest": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+          "description": "If provided, get the source from this manifest in Google Cloud Storage. This feature is in Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher)."
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance": {
+      "description": "Provenance of the source. Ways to find the original source, or verify that some source was used for this build.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance",
+      "properties": {
+        "fileHashes": {
+          "additionalProperties": {
+            "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1FileHashes"
+          },
+          "description": "Output only. Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. Note that `FileHashes` will only be populated if `BuildOptions` has requested a `SourceProvenanceHash`. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (`.tar.gz`), the `FileHash` will be for the single path to that file.",
+          "readOnly": true,
+          "type": "object"
         },
-        "impactScore": {
-          "format": "float",
-          "type": "number"
+        "resolvedRepoSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1RepoSource",
+          "description": "A copy of the build's `source.repo_source`, if exists, with any revisions resolved."
         },
-        "integrityImpact": {
-          "enum": [
-            "IMPACT_UNSPECIFIED",
-            "IMPACT_HIGH",
-            "IMPACT_LOW",
-            "IMPACT_NONE"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
-          "type": "string"
+        "resolvedStorageSource": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+          "description": "A copy of the build's `source.storage_source`, if exists, with any generations resolved."
         },
-        "privilegesRequired": {
-          "enum": [
-            "PRIVILEGES_REQUIRED_UNSPECIFIED",
-            "PRIVILEGES_REQUIRED_NONE",
-            "PRIVILEGES_REQUIRED_LOW",
-            "PRIVILEGES_REQUIRED_HIGH"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            "",
-            ""
-          ],
+        "resolvedStorageSourceManifest": {
+          "$ref": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
+          "description": "A copy of the build's `source.storage_source_manifest`, if exists, with any revisions resolved. This feature is in Preview."
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource": {
+      "description": "Location of the source in an archive file in Google Cloud Storage.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSource",
+      "properties": {
+        "bucket": {
+          "description": "Google Cloud Storage bucket containing the source (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).",
           "type": "string"
         },
-        "scope": {
-          "enum": [
-            "SCOPE_UNSPECIFIED",
-            "SCOPE_UNCHANGED",
-            "SCOPE_CHANGED"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
+        "generation": {
+          "description": "Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.",
+          "format": "int64",
           "type": "string"
         },
-        "userInteraction": {
-          "enum": [
-            "USER_INTERACTION_UNSPECIFIED",
-            "USER_INTERACTION_NONE",
-            "USER_INTERACTION_REQUIRED"
-          ],
-          "enumDescriptions": [
-            "",
-            "",
-            ""
-          ],
+        "object": {
+          "description": "Google Cloud Storage object containing the source. This object must be a zipped (`.zip`) or gzipped archive file (`.tar.gz`) containing source to build.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "CloudRepoSourceContext": {
-      "description": "A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.",
-      "id": "CloudRepoSourceContext",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest": {
+      "description": "Location of the source manifest in Google Cloud Storage. This feature is in Preview; see description [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher).",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1StorageSourceManifest",
       "properties": {
-        "aliasContext": {
-          "$ref": "AliasContext",
-          "description": "An alias, which may be a branch or tag."
+        "bucket": {
+          "description": "Google Cloud Storage bucket containing the source manifest (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).",
+          "type": "string"
         },
-        "repoId": {
-          "$ref": "RepoId",
-          "description": "The ID of the repo."
+        "generation": {
+          "description": "Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.",
+          "format": "int64",
+          "type": "string"
         },
-        "revisionId": {
-          "description": "A revision ID.",
+        "object": {
+          "description": "Google Cloud Storage object containing the source manifest. This object must be a JSON file.",
           "type": "string"
         }
       },
       "type": "object"
     },
-    "Command": {
-      "description": "Command describes a step performed as part of the build pipeline.",
-      "id": "Command",
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan": {
+      "description": "Start and end times for a build execution phase.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan",
       "properties": {
-        "args": {
-          "description": "Command-line arguments used when executing this command.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "dir": {
-          "description": "Working directory (relative to project source root) used when running this command.",
+        "endTime": {
+          "description": "End of time span.",
+          "format": "google-datetime",
           "type": "string"
         },
-        "env": {
-          "description": "Environment variables set before running this command.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "id": {
-          "description": "Optional unique identifier for this command, used in wait_for to reference this command as a dependency.",
+        "startTime": {
+          "description": "Start of time span.",
+          "format": "google-datetime",
           "type": "string"
-        },
+        }
+      },
+      "type": "object"
+    },
+    "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume": {
+      "description": "Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.",
+      "id": "ContaineranalysisGoogleDevtoolsCloudbuildV1Volume",
+      "properties": {
         "name": {
-          "description": "Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.",
+          "description": "Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.",
           "type": "string"
         },
-        "waitFor": {
-          "description": "The ID(s) of the command(s) that this command depends on.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
+        "path": {
+          "description": "Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.",
+          "type": "string"
         }
       },
       "type": "object"
@@ -2162,7 +3024,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
@@ -3649,23 +4511,6 @@
       },
       "type": "object"
     },
-    "TimeSpan": {
-      "description": "Start and end times for a build execution phase.",
-      "id": "TimeSpan",
-      "properties": {
-        "endTime": {
-          "description": "End of time span.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "startTime": {
-          "description": "Start of time span.",
-          "format": "google-datetime",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "Version": {
       "description": "Version contains structured information about the version of a package.",
       "id": "Version",
@@ -3706,21 +4551,6 @@
       },
       "type": "object"
     },
-    "Volume": {
-      "description": "Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.",
-      "id": "Volume",
-      "properties": {
-        "name": {
-          "description": "Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.",
-          "type": "string"
-        },
-        "path": {
-          "description": "Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "Vulnerability": {
       "description": "Vulnerability provides metadata about a security vulnerability in a Note.",
       "id": "Vulnerability",
diff --git a/googleapiclient/discovery_cache/documents/customsearch.v1.json b/googleapiclient/discovery_cache/documents/customsearch.v1.json
index 4fe90ef125e..70d7c64c8c7 100644
--- a/googleapiclient/discovery_cache/documents/customsearch.v1.json
+++ b/googleapiclient/discovery_cache/documents/customsearch.v1.json
@@ -674,7 +674,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211111",
   "rootUrl": "https://customsearch.googleapis.com/",
   "schemas": {
     "Promotion": {
diff --git a/googleapiclient/discovery_cache/documents/datalabeling.v1beta1.json b/googleapiclient/discovery_cache/documents/datalabeling.v1beta1.json
index 75275063296..32bf5520477 100644
--- a/googleapiclient/discovery_cache/documents/datalabeling.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/datalabeling.v1beta1.json
@@ -1596,7 +1596,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://datalabeling.googleapis.com/",
   "schemas": {
     "GoogleCloudDatalabelingV1alpha1CreateInstructionMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/datamigration.v1.json b/googleapiclient/discovery_cache/documents/datamigration.v1.json
index 7f47023ad0f..5ccd90f6577 100644
--- a/googleapiclient/discovery_cache/documents/datamigration.v1.json
+++ b/googleapiclient/discovery_cache/documents/datamigration.v1.json
@@ -1049,7 +1049,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211103",
   "rootUrl": "https://datamigration.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/datamigration.v1beta1.json b/googleapiclient/discovery_cache/documents/datamigration.v1beta1.json
index 5b677aed24a..21fdda01437 100644
--- a/googleapiclient/discovery_cache/documents/datamigration.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/datamigration.v1beta1.json
@@ -1049,7 +1049,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211103",
   "rootUrl": "https://datamigration.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/datapipelines.v1.json b/googleapiclient/discovery_cache/documents/datapipelines.v1.json
index 5bd931d6169..e8a0bc1cbe3 100644
--- a/googleapiclient/discovery_cache/documents/datapipelines.v1.json
+++ b/googleapiclient/discovery_cache/documents/datapipelines.v1.json
@@ -12,9 +12,9 @@
   "baseUrl": "https://datapipelines.googleapis.com/",
   "batchPath": "batch",
   "canonicalName": "Datapipelines",
-  "description": "",
+  "description": "Data Pipelines provides an interface for creating, updating, and managing recurring Data Analytics jobs.",
   "discoveryVersion": "v1",
-  "documentationLink": "https://developers.google.com/apis-explorer/#search/dataflow",
+  "documentationLink": "https://cloud.google.com/dataflow/docs/guides/data-pipelines",
   "fullyEncodeReservedExpansion": true,
   "icons": {
     "x16": "http://www.google.com/images/icons/product/search-16.gif",
@@ -329,7 +329,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211029",
   "rootUrl": "https://datapipelines.googleapis.com/",
   "schemas": {
     "GoogleCloudDatapipelinesV1DataflowJobDetails": {
@@ -688,6 +688,13 @@
           "description": "The pipeline name. For example: `projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID`. * `PROJECT_ID` can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see [Identifying projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects) * `LOCATION_ID` is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in [App Engine regions](https://cloud.google.com/about/locations#region). * `PIPELINE_ID` is the ID of the pipeline. Must be unique for the selected project and location.",
           "type": "string"
         },
+        "pipelineSources": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Immutable. The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.",
+          "type": "object"
+        },
         "scheduleInfo": {
           "$ref": "GoogleCloudDatapipelinesV1ScheduleSpec",
           "description": "Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally."
diff --git a/googleapiclient/discovery_cache/documents/dataproc.v1.json b/googleapiclient/discovery_cache/documents/dataproc.v1.json
index d7bf049687d..1bcbcd7f8a1 100644
--- a/googleapiclient/discovery_cache/documents/dataproc.v1.json
+++ b/googleapiclient/discovery_cache/documents/dataproc.v1.json
@@ -2316,7 +2316,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211111",
   "rootUrl": "https://dataproc.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
diff --git a/googleapiclient/discovery_cache/documents/datastore.v1.json b/googleapiclient/discovery_cache/documents/datastore.v1.json
index 1f251b3b919..123da34e2cd 100644
--- a/googleapiclient/discovery_cache/documents/datastore.v1.json
+++ b/googleapiclient/discovery_cache/documents/datastore.v1.json
@@ -626,7 +626,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211029",
   "rootUrl": "https://datastore.googleapis.com/",
   "schemas": {
     "AllocateIdsRequest": {
@@ -898,6 +898,53 @@
       },
       "type": "object"
     },
+    "GoogleDatastoreAdminV1DatastoreFirestoreMigrationMetadata": {
+      "description": "Metadata for Datastore to Firestore migration operations. The DatastoreFirestoreMigration operation is not started by the end-user via an explicit \"creation\" method. This is an intentional deviation from the LRO design pattern. This singleton resource can be accessed at: \"projects/{project_id}/datastore-firestore-migration\"",
+      "id": "GoogleDatastoreAdminV1DatastoreFirestoreMigrationMetadata",
+      "properties": {
+        "migrationState": {
+          "description": "The current state of migration from Cloud Datastore to Cloud Firestore in Datastore mode.",
+          "enum": [
+            "MIGRATION_STATE_UNSPECIFIED",
+            "RUNNING",
+            "PAUSED",
+            "COMPLETE"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "The migration is running.",
+            "The migration is paused.",
+            "The migration is complete."
+          ],
+          "type": "string"
+        },
+        "migrationStep": {
+          "description": "The current step of migration from Cloud Datastore to Cloud Firestore in Datastore mode.",
+          "enum": [
+            "MIGRATION_STEP_UNSPECIFIED",
+            "PREPARE",
+            "START",
+            "APPLY_WRITES_SYNCHRONOUSLY",
+            "COPY_AND_VERIFY",
+            "REDIRECT_EVENTUALLY_CONSISTENT_READS",
+            "REDIRECT_STRONGLY_CONSISTENT_READS",
+            "REDIRECT_WRITES"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Pre-migration: the database is prepared for migration.",
+            "Start of migration.",
+            "Writes are applied synchronously to at least one replica.",
+            "Data is copied to Cloud Firestore and then verified to match the data in Cloud Datastore.",
+            "Eventually-consistent reads are redirected to Cloud Firestore.",
+            "Strongly-consistent reads are redirected to Cloud Firestore.",
+            "Writes are redirected to Cloud Firestore."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleDatastoreAdminV1EntityFilter": {
       "description": "Identifies a subset of entities in a project. This is specified as combinations of kinds and namespaces (either or both of which may be all, as described in the following examples). Example usage: Entire project: kinds=[], namespace_ids=[] Kinds Foo and Bar in all namespaces: kinds=['Foo', 'Bar'], namespace_ids=[] Kinds Foo and Bar only in the default namespace: kinds=['Foo', 'Bar'], namespace_ids=[''] Kinds Foo and Bar in both the default and Baz namespaces: kinds=['Foo', 'Bar'], namespace_ids=['', 'Baz'] The entire Baz namespace: kinds=[], namespace_ids=['Baz']",
       "id": "GoogleDatastoreAdminV1EntityFilter",
diff --git a/googleapiclient/discovery_cache/documents/datastore.v1beta1.json b/googleapiclient/discovery_cache/documents/datastore.v1beta1.json
index 203508ab682..32b180c6986 100644
--- a/googleapiclient/discovery_cache/documents/datastore.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/datastore.v1beta1.json
@@ -168,7 +168,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211029",
   "rootUrl": "https://datastore.googleapis.com/",
   "schemas": {
     "GoogleDatastoreAdminV1CommonMetadata": {
@@ -237,6 +237,53 @@
       },
       "type": "object"
     },
+    "GoogleDatastoreAdminV1DatastoreFirestoreMigrationMetadata": {
+      "description": "Metadata for Datastore to Firestore migration operations. The DatastoreFirestoreMigration operation is not started by the end-user via an explicit \"creation\" method. This is an intentional deviation from the LRO design pattern. This singleton resource can be accessed at: \"projects/{project_id}/datastore-firestore-migration\"",
+      "id": "GoogleDatastoreAdminV1DatastoreFirestoreMigrationMetadata",
+      "properties": {
+        "migrationState": {
+          "description": "The current state of migration from Cloud Datastore to Cloud Firestore in Datastore mode.",
+          "enum": [
+            "MIGRATION_STATE_UNSPECIFIED",
+            "RUNNING",
+            "PAUSED",
+            "COMPLETE"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "The migration is running.",
+            "The migration is paused.",
+            "The migration is complete."
+          ],
+          "type": "string"
+        },
+        "migrationStep": {
+          "description": "The current step of migration from Cloud Datastore to Cloud Firestore in Datastore mode.",
+          "enum": [
+            "MIGRATION_STEP_UNSPECIFIED",
+            "PREPARE",
+            "START",
+            "APPLY_WRITES_SYNCHRONOUSLY",
+            "COPY_AND_VERIFY",
+            "REDIRECT_EVENTUALLY_CONSISTENT_READS",
+            "REDIRECT_STRONGLY_CONSISTENT_READS",
+            "REDIRECT_WRITES"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Pre-migration: the database is prepared for migration.",
+            "Start of migration.",
+            "Writes are applied synchronously to at least one replica.",
+            "Data is copied to Cloud Firestore and then verified to match the data in Cloud Datastore.",
+            "Eventually-consistent reads are redirected to Cloud Firestore.",
+            "Strongly-consistent reads are redirected to Cloud Firestore.",
+            "Writes are redirected to Cloud Firestore."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleDatastoreAdminV1EntityFilter": {
       "description": "Identifies a subset of entities in a project. This is specified as combinations of kinds and namespaces (either or both of which may be all, as described in the following examples). Example usage: Entire project: kinds=[], namespace_ids=[] Kinds Foo and Bar in all namespaces: kinds=['Foo', 'Bar'], namespace_ids=[] Kinds Foo and Bar only in the default namespace: kinds=['Foo', 'Bar'], namespace_ids=[''] Kinds Foo and Bar in both the default and Baz namespaces: kinds=['Foo', 'Bar'], namespace_ids=['', 'Baz'] The entire Baz namespace: kinds=[], namespace_ids=['Baz']",
       "id": "GoogleDatastoreAdminV1EntityFilter",
diff --git a/googleapiclient/discovery_cache/documents/datastore.v1beta3.json b/googleapiclient/discovery_cache/documents/datastore.v1beta3.json
index 811734db878..4d390f20174 100644
--- a/googleapiclient/discovery_cache/documents/datastore.v1beta3.json
+++ b/googleapiclient/discovery_cache/documents/datastore.v1beta3.json
@@ -308,7 +308,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211029",
   "rootUrl": "https://datastore.googleapis.com/",
   "schemas": {
     "AllocateIdsRequest": {
@@ -574,6 +574,53 @@
       },
       "type": "object"
     },
+    "GoogleDatastoreAdminV1DatastoreFirestoreMigrationMetadata": {
+      "description": "Metadata for Datastore to Firestore migration operations. The DatastoreFirestoreMigration operation is not started by the end-user via an explicit \"creation\" method. This is an intentional deviation from the LRO design pattern. This singleton resource can be accessed at: \"projects/{project_id}/datastore-firestore-migration\"",
+      "id": "GoogleDatastoreAdminV1DatastoreFirestoreMigrationMetadata",
+      "properties": {
+        "migrationState": {
+          "description": "The current state of migration from Cloud Datastore to Cloud Firestore in Datastore mode.",
+          "enum": [
+            "MIGRATION_STATE_UNSPECIFIED",
+            "RUNNING",
+            "PAUSED",
+            "COMPLETE"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "The migration is running.",
+            "The migration is paused.",
+            "The migration is complete."
+          ],
+          "type": "string"
+        },
+        "migrationStep": {
+          "description": "The current step of migration from Cloud Datastore to Cloud Firestore in Datastore mode.",
+          "enum": [
+            "MIGRATION_STEP_UNSPECIFIED",
+            "PREPARE",
+            "START",
+            "APPLY_WRITES_SYNCHRONOUSLY",
+            "COPY_AND_VERIFY",
+            "REDIRECT_EVENTUALLY_CONSISTENT_READS",
+            "REDIRECT_STRONGLY_CONSISTENT_READS",
+            "REDIRECT_WRITES"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Pre-migration: the database is prepared for migration.",
+            "Start of migration.",
+            "Writes are applied synchronously to at least one replica.",
+            "Data is copied to Cloud Firestore and then verified to match the data in Cloud Datastore.",
+            "Eventually-consistent reads are redirected to Cloud Firestore.",
+            "Strongly-consistent reads are redirected to Cloud Firestore.",
+            "Writes are redirected to Cloud Firestore."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleDatastoreAdminV1EntityFilter": {
       "description": "Identifies a subset of entities in a project. This is specified as combinations of kinds and namespaces (either or both of which may be all, as described in the following examples). Example usage: Entire project: kinds=[], namespace_ids=[] Kinds Foo and Bar in all namespaces: kinds=['Foo', 'Bar'], namespace_ids=[] Kinds Foo and Bar only in the default namespace: kinds=['Foo', 'Bar'], namespace_ids=[''] Kinds Foo and Bar in both the default and Baz namespaces: kinds=['Foo', 'Bar'], namespace_ids=['', 'Baz'] The entire Baz namespace: kinds=[], namespace_ids=['Baz']",
       "id": "GoogleDatastoreAdminV1EntityFilter",
diff --git a/googleapiclient/discovery_cache/documents/datastream.v1.json b/googleapiclient/discovery_cache/documents/datastream.v1.json
new file mode 100644
index 00000000000..fe6564be675
--- /dev/null
+++ b/googleapiclient/discovery_cache/documents/datastream.v1.json
@@ -0,0 +1,628 @@
+{
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
+        }
+      }
+    }
+  },
+  "basePath": "",
+  "baseUrl": "https://datastream.googleapis.com/",
+  "batchPath": "batch",
+  "canonicalName": "Datastream",
+  "description": "",
+  "discoveryVersion": "v1",
+  "documentationLink": "https://cloud.google.com/datastream/",
+  "fullyEncodeReservedExpansion": true,
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  },
+  "id": "datastream:v1",
+  "kind": "discovery#restDescription",
+  "mtlsRootUrl": "https://datastream.mtls.googleapis.com/",
+  "name": "datastream",
+  "ownerDomain": "google.com",
+  "ownerName": "Google",
+  "parameters": {
+    "$.xgafv": {
+      "description": "V1 error format.",
+      "enum": [
+        "1",
+        "2"
+      ],
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "access_token": {
+      "description": "OAuth access token.",
+      "location": "query",
+      "type": "string"
+    },
+    "alt": {
+      "default": "json",
+      "description": "Data format for response.",
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "type": "string"
+    },
+    "callback": {
+      "description": "JSONP",
+      "location": "query",
+      "type": "string"
+    },
+    "fields": {
+      "description": "Selector specifying which fields to include in a partial response.",
+      "location": "query",
+      "type": "string"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "location": "query",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "location": "query",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "default": "true",
+      "description": "Returns response with indentations and line breaks.",
+      "location": "query",
+      "type": "boolean"
+    },
+    "quotaUser": {
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "location": "query",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "location": "query",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "location": "query",
+      "type": "string"
+    }
+  },
+  "protocol": "rest",
+  "resources": {
+    "projects": {
+      "resources": {
+        "locations": {
+          "methods": {
+            "get": {
+              "description": "Gets information about a location.",
+              "flatPath": "v1/projects/{projectsId}/locations/{locationsId}",
+              "httpMethod": "GET",
+              "id": "datastream.projects.locations.get",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Resource name for the location.",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+/locations/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "Location"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "list": {
+              "description": "Lists information about the supported locations for this service.",
+              "flatPath": "v1/projects/{projectsId}/locations",
+              "httpMethod": "GET",
+              "id": "datastream.projects.locations.list",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "filter": {
+                  "description": "A filter to narrow down results to a preferred subset. The filtering language accepts strings like \"displayName=tokyo\", and is documented in more detail in [AIP-160](https://google.aip.dev/160).",
+                  "location": "query",
+                  "type": "string"
+                },
+                "name": {
+                  "description": "The resource that owns the locations collection, if applicable.",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                },
+                "pageSize": {
+                  "description": "The maximum number of results to return. If not set, the service selects a default.",
+                  "format": "int32",
+                  "location": "query",
+                  "type": "integer"
+                },
+                "pageToken": {
+                  "description": "A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}/locations",
+              "response": {
+                "$ref": "ListLocationsResponse"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            }
+          },
+          "resources": {
+            "operations": {
+              "methods": {
+                "cancel": {
+                  "description": "Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel",
+                  "httpMethod": "POST",
+                  "id": "datastream.projects.locations.operations.cancel",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "The name of the operation resource to be cancelled.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}:cancel",
+                  "request": {
+                    "$ref": "CancelOperationRequest"
+                  },
+                  "response": {
+                    "$ref": "Empty"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "delete": {
+                  "description": "Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
+                  "httpMethod": "DELETE",
+                  "id": "datastream.projects.locations.operations.delete",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "The name of the operation resource to be deleted.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "Empty"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "get": {
+                  "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
+                  "httpMethod": "GET",
+                  "id": "datastream.projects.locations.operations.get",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "The name of the operation resource.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "Operation"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "list": {
+                  "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `\"/v1/{name=users/*}/operations\"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/operations",
+                  "httpMethod": "GET",
+                  "id": "datastream.projects.locations.operations.list",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "filter": {
+                      "description": "The standard list filter.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "name": {
+                      "description": "The name of the operation's parent resource.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "pageSize": {
+                      "description": "The standard list page size.",
+                      "format": "int32",
+                      "location": "query",
+                      "type": "integer"
+                    },
+                    "pageToken": {
+                      "description": "The standard list page token.",
+                      "location": "query",
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}/operations",
+                  "response": {
+                    "$ref": "ListOperationsResponse"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  },
+  "revision": "20211026",
+  "rootUrl": "https://datastream.googleapis.com/",
+  "schemas": {
+    "CancelOperationRequest": {
+      "description": "The request message for Operations.CancelOperation.",
+      "id": "CancelOperationRequest",
+      "properties": {},
+      "type": "object"
+    },
+    "Empty": {
+      "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
+      "id": "Empty",
+      "properties": {},
+      "type": "object"
+    },
+    "Error": {
+      "description": "Represent a user-facing Error.",
+      "id": "Error",
+      "properties": {
+        "details": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Additional information about the error.",
+          "type": "object"
+        },
+        "errorTime": {
+          "description": "The time when the error occurred.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "errorUuid": {
+          "description": "A unique identifier for this specific error, allowing it to be traced throughout the system in logs and API responses.",
+          "type": "string"
+        },
+        "message": {
+          "description": "A message containing more information about the error that occurred.",
+          "type": "string"
+        },
+        "reason": {
+          "description": "A title that explains the reason for the error.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ListLocationsResponse": {
+      "description": "The response message for Locations.ListLocations.",
+      "id": "ListLocationsResponse",
+      "properties": {
+        "locations": {
+          "description": "A list of locations that matches the specified filter in the request.",
+          "items": {
+            "$ref": "Location"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "The standard List next-page token.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ListOperationsResponse": {
+      "description": "The response message for Operations.ListOperations.",
+      "id": "ListOperationsResponse",
+      "properties": {
+        "nextPageToken": {
+          "description": "The standard List next-page token.",
+          "type": "string"
+        },
+        "operations": {
+          "description": "A list of operations that matches the specified filter in the request.",
+          "items": {
+            "$ref": "Operation"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "Location": {
+      "description": "A resource that represents Google Cloud Platform location.",
+      "id": "Location",
+      "properties": {
+        "displayName": {
+          "description": "The friendly name for this location, typically a nearby city name. For example, \"Tokyo\".",
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Cross-service attributes for the location. For example {\"cloud.googleapis.com/region\": \"us-east1\"}",
+          "type": "object"
+        },
+        "locationId": {
+          "description": "The canonical id for this location. For example: `\"us-east1\"`.",
+          "type": "string"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Service-specific metadata. For example the available capacity at the given location.",
+          "type": "object"
+        },
+        "name": {
+          "description": "Resource name for the location, which may vary between implementations. For example: `\"projects/example-project/locations/us-east1\"`",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Operation": {
+      "description": "This resource represents a long-running operation that is the result of a network API call.",
+      "id": "Operation",
+      "properties": {
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.",
+          "type": "boolean"
+        },
+        "error": {
+          "$ref": "Status",
+          "description": "The error result of the operation in case of failure or cancellation."
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.",
+          "type": "object"
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.",
+          "type": "string"
+        },
+        "response": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "OperationMetadata": {
+      "description": "Represents the metadata of the long-running operation.",
+      "id": "OperationMetadata",
+      "properties": {
+        "apiVersion": {
+          "description": "Output only. API version used to start the operation.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. The time the operation was created.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "endTime": {
+          "description": "Output only. The time the operation finished running.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "requestedCancellation": {
+          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
+          "readOnly": true,
+          "type": "boolean"
+        },
+        "statusMessage": {
+          "description": "Output only. Human-readable status of the operation, if any.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "target": {
+          "description": "Output only. Server-defined resource path for the target of the operation.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "validationResult": {
+          "$ref": "ValidationResult",
+          "description": "Output only. Results of executed validations if there are any.",
+          "readOnly": true
+        },
+        "verb": {
+          "description": "Output only. Name of the verb executed by the operation.",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Status": {
+      "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
+      "id": "Status",
+      "properties": {
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          },
+          "type": "array"
+        },
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Validation": {
+      "description": "A validation to perform on a stream.",
+      "id": "Validation",
+      "properties": {
+        "code": {
+          "description": "A custom code identifying this validation.",
+          "type": "string"
+        },
+        "description": {
+          "description": "A short description of the validation.",
+          "type": "string"
+        },
+        "message": {
+          "description": "Messages reflecting the validation results.",
+          "items": {
+            "$ref": "ValidationMessage"
+          },
+          "type": "array"
+        },
+        "state": {
+          "description": "Validation execution status.",
+          "enum": [
+            "STATE_UNSPECIFIED",
+            "NOT_EXECUTED",
+            "FAILED",
+            "PASSED"
+          ],
+          "enumDescriptions": [
+            "Unspecified state.",
+            "Validation did not execute.",
+            "Validation failed.",
+            "Validation passed."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ValidationMessage": {
+      "description": "Represent user-facing validation result message.",
+      "id": "ValidationMessage",
+      "properties": {
+        "code": {
+          "description": "A custom code identifying this specific message.",
+          "type": "string"
+        },
+        "level": {
+          "description": "Message severity level (warning or error).",
+          "enum": [
+            "LEVEL_UNSPECIFIED",
+            "WARNING",
+            "ERROR"
+          ],
+          "enumDescriptions": [
+            "Unspecified level.",
+            "Potentially cause issues with the Stream.",
+            "Definitely cause issues with the Stream."
+          ],
+          "type": "string"
+        },
+        "message": {
+          "description": "The result of the validation.",
+          "type": "string"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Additional metadata related to the result.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
+    "ValidationResult": {
+      "description": "Contains the current validation results.",
+      "id": "ValidationResult",
+      "properties": {
+        "validations": {
+          "description": "A list of validations (includes both executed as well as not executed validations).",
+          "items": {
+            "$ref": "Validation"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    }
+  },
+  "servicePath": "",
+  "title": "Datastream API",
+  "version": "v1",
+  "version_module": true
+}
\ No newline at end of file
diff --git a/googleapiclient/discovery_cache/documents/deploymentmanager.alpha.json b/googleapiclient/discovery_cache/documents/deploymentmanager.alpha.json
index 5e5c643889a..2aebbfaf5a5 100644
--- a/googleapiclient/discovery_cache/documents/deploymentmanager.alpha.json
+++ b/googleapiclient/discovery_cache/documents/deploymentmanager.alpha.json
@@ -1588,7 +1588,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211111",
   "rootUrl": "https://deploymentmanager.googleapis.com/",
   "schemas": {
     "AsyncOptions": {
diff --git a/googleapiclient/discovery_cache/documents/deploymentmanager.v2.json b/googleapiclient/discovery_cache/documents/deploymentmanager.v2.json
index 53d9fe711ca..96a663c09df 100644
--- a/googleapiclient/discovery_cache/documents/deploymentmanager.v2.json
+++ b/googleapiclient/discovery_cache/documents/deploymentmanager.v2.json
@@ -988,7 +988,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211111",
   "rootUrl": "https://deploymentmanager.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/deploymentmanager.v2beta.json b/googleapiclient/discovery_cache/documents/deploymentmanager.v2beta.json
index c005bdae4b1..cc12014dca9 100644
--- a/googleapiclient/discovery_cache/documents/deploymentmanager.v2beta.json
+++ b/googleapiclient/discovery_cache/documents/deploymentmanager.v2beta.json
@@ -1552,7 +1552,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211111",
   "rootUrl": "https://deploymentmanager.googleapis.com/",
   "schemas": {
     "AsyncOptions": {
diff --git a/googleapiclient/discovery_cache/documents/dialogflow.v2.json b/googleapiclient/discovery_cache/documents/dialogflow.v2.json
index 31f1afa3019..23437e8ad7e 100644
--- a/googleapiclient/discovery_cache/documents/dialogflow.v2.json
+++ b/googleapiclient/discovery_cache/documents/dialogflow.v2.json
@@ -6983,7 +6983,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://dialogflow.googleapis.com/",
   "schemas": {
     "GoogleCloudDialogflowCxV3AudioInput": {
@@ -10678,7 +10678,7 @@
       "id": "GoogleCloudDialogflowV2AutomatedAgentConfig",
       "properties": {
         "agent": {
-          "description": "Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. Format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details.",
+          "description": "Required. ID of the Dialogflow agent environment to use. This project needs to either be the same project as the conversation or you need to grant `service-@gcp-sa-dialogflow.iam.gserviceaccount.com` the `Dialogflow API Service Agent` role in this project. - For ES agents, use format: `projects//locations//agent/environments/`. If environment is not specified, the default `draft` environment is used. Refer to [DetectIntentRequest](/dialogflow/docs/reference/rpc/google.cloud.dialogflow.v2#google.cloud.dialogflow.v2.DetectIntentRequest) for more details. - For CX agents, use format `projects//locations//agents//environments/`. If environment is not specified, the default `draft` environment is used.",
           "type": "string"
         }
       },
@@ -11057,7 +11057,7 @@
           "description": "Configuration for connecting to a live agent. Currently, this feature is not general available, please contact Google to get access."
         },
         "languageCode": {
-          "description": "Language which represents the conversationProfile. If unspecified, the default language code en-us applies. Users need to create a ConversationProfile for each language they want to support.",
+          "description": "Language code for the conversation profile. If not specified, the language is en-US. Language at ConversationProfile should be set for all non en-US languages. This should be a [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. Example: \"en-US\".",
           "type": "string"
         },
         "loggingConfig": {
@@ -11076,10 +11076,18 @@
           "$ref": "GoogleCloudDialogflowV2NotificationConfig",
           "description": "Configuration for publishing conversation lifecycle events."
         },
+        "securitySettings": {
+          "description": "Name of the CX SecuritySettings reference for the agent. Format: `projects//locations//securitySettings/`.",
+          "type": "string"
+        },
         "sttConfig": {
           "$ref": "GoogleCloudDialogflowV2SpeechToTextConfig",
           "description": "Settings for speech transcription."
         },
+        "timeZone": {
+          "description": "The time zone of this conversational profile from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris. Defaults to America/New_York.",
+          "type": "string"
+        },
         "updateTime": {
           "description": "Output only. Update time of the conversation profile.",
           "format": "google-datetime",
@@ -11681,7 +11689,7 @@
       "id": "GoogleCloudDialogflowV2HumanAgentAssistantConfigSuggestionQueryConfig",
       "properties": {
         "confidenceThreshold": {
-          "description": "Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION.",
+          "description": "Confidence threshold of query result. Agent Assist gives each suggestion a score in the range [0.0, 1.0], based on the relevance between the suggestion and the current conversation context. A score of 0.0 has no relevance, while a score of 1.0 has high relevance. Only suggestions with a score greater than or equal to the value of this field are included in the results. For a baseline model (the default), the recommended value is in the range [0.05, 0.1]. For a custom model, there is no recommended value. Tune this value by starting from a very low value and slowly increasing until you have desired results. If this field is not set, it defaults to 0.0, which means that all suggestions are returned. Supported features: ARTICLE_SUGGESTION, FAQ, SMART_REPLY, SMART_COMPOSE.",
           "format": "float",
           "type": "number"
         },
@@ -13249,9 +13257,9 @@
             "JSON"
           ],
           "enumDescriptions": [
-            "If it is unspeified, PROTO will be used.",
-            "Pubsub message will be serialized proto.",
-            "Pubsub message will be json."
+            "If it is unspecified, PROTO will be used.",
+            "Pub/Sub message will be serialized proto.",
+            "Pub/Sub message will be json."
           ],
           "type": "string"
         },
diff --git a/googleapiclient/discovery_cache/documents/dialogflow.v2beta1.json b/googleapiclient/discovery_cache/documents/dialogflow.v2beta1.json
index 3a513a33a3a..fc0e233533a 100644
--- a/googleapiclient/discovery_cache/documents/dialogflow.v2beta1.json
+++ b/googleapiclient/discovery_cache/documents/dialogflow.v2beta1.json
@@ -7315,7 +7315,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://dialogflow.googleapis.com/",
   "schemas": {
     "GoogleCloudDialogflowCxV3AudioInput": {
diff --git a/googleapiclient/discovery_cache/documents/dialogflow.v3.json b/googleapiclient/discovery_cache/documents/dialogflow.v3.json
index 564239e5894..3e7774e43f4 100644
--- a/googleapiclient/discovery_cache/documents/dialogflow.v3.json
+++ b/googleapiclient/discovery_cache/documents/dialogflow.v3.json
@@ -3820,7 +3820,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://dialogflow.googleapis.com/",
   "schemas": {
     "GoogleCloudDialogflowCxV3AdvancedSettings": {
diff --git a/googleapiclient/discovery_cache/documents/dialogflow.v3beta1.json b/googleapiclient/discovery_cache/documents/dialogflow.v3beta1.json
index 374d172f1ec..a719b5dbd71 100644
--- a/googleapiclient/discovery_cache/documents/dialogflow.v3beta1.json
+++ b/googleapiclient/discovery_cache/documents/dialogflow.v3beta1.json
@@ -3820,7 +3820,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://dialogflow.googleapis.com/",
   "schemas": {
     "GoogleCloudDialogflowCxV3AudioInput": {
diff --git a/googleapiclient/discovery_cache/documents/digitalassetlinks.v1.json b/googleapiclient/discovery_cache/documents/digitalassetlinks.v1.json
index 16abed24f37..026d949eb20 100644
--- a/googleapiclient/discovery_cache/documents/digitalassetlinks.v1.json
+++ b/googleapiclient/discovery_cache/documents/digitalassetlinks.v1.json
@@ -184,7 +184,7 @@
       }
     }
   },
-  "revision": "20211026",
+  "revision": "20211109",
   "rootUrl": "https://digitalassetlinks.googleapis.com/",
   "schemas": {
     "AndroidAppAsset": {
diff --git a/googleapiclient/discovery_cache/documents/displayvideo.v1.json b/googleapiclient/discovery_cache/documents/displayvideo.v1.json
index 9201ff599fe..e01ad94d471 100644
--- a/googleapiclient/discovery_cache/documents/displayvideo.v1.json
+++ b/googleapiclient/discovery_cache/documents/displayvideo.v1.json
@@ -7597,7 +7597,7 @@
       }
     }
   },
-  "revision": "20211104",
+  "revision": "20211111",
   "rootUrl": "https://displayvideo.googleapis.com/",
   "schemas": {
     "ActivateManualTriggerRequest": {
diff --git a/googleapiclient/discovery_cache/documents/dlp.v2.json b/googleapiclient/discovery_cache/documents/dlp.v2.json
index e89829836bd..2554d5fb5a8 100644
--- a/googleapiclient/discovery_cache/documents/dlp.v2.json
+++ b/googleapiclient/discovery_cache/documents/dlp.v2.json
@@ -3412,7 +3412,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://dlp.googleapis.com/",
   "schemas": {
     "GooglePrivacyDlpV2Action": {
diff --git a/googleapiclient/discovery_cache/documents/docs.v1.json b/googleapiclient/discovery_cache/documents/docs.v1.json
index 02b02602367..0a4975ef8be 100644
--- a/googleapiclient/discovery_cache/documents/docs.v1.json
+++ b/googleapiclient/discovery_cache/documents/docs.v1.json
@@ -216,7 +216,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211111",
   "rootUrl": "https://docs.googleapis.com/",
   "schemas": {
     "AutoText": {
diff --git a/googleapiclient/discovery_cache/documents/documentai.v1.json b/googleapiclient/discovery_cache/documents/documentai.v1.json
index f09b63dbc6b..b237392b3ff 100644
--- a/googleapiclient/discovery_cache/documents/documentai.v1.json
+++ b/googleapiclient/discovery_cache/documents/documentai.v1.json
@@ -1029,7 +1029,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211105",
   "rootUrl": "https://documentai.googleapis.com/",
   "schemas": {
     "GoogleCloudDocumentaiUiv1beta3BatchDeleteDocumentsMetadata": {
@@ -1054,6 +1054,44 @@
         "commonMetadata": {
           "$ref": "GoogleCloudDocumentaiUiv1beta3CommonOperationMetadata",
           "description": "The basic metadata of the long running operation."
+        },
+        "destDatasetType": {
+          "description": "The destination dataset split type.",
+          "enum": [
+            "DATASET_SPLIT_TYPE_UNSPECIFIED",
+            "DATASET_SPLIT_TRAIN",
+            "DATASET_SPLIT_TEST",
+            "DATASET_SPLIT_UNASSIGNED"
+          ],
+          "enumDescriptions": [
+            "Default value if the enum is not set. go/protodosdonts#do-include-an-unspecified-value-in-an-enum",
+            "Identifies the train documents.",
+            "Identifies the test documents.",
+            "Identifies the unassigned documents."
+          ],
+          "type": "string"
+        },
+        "individualBatchMoveStatuses": {
+          "description": "The list of response details of each document.",
+          "items": {
+            "$ref": "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus": {
+      "description": "The status of each individual document in the batch move process.",
+      "id": "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus",
+      "properties": {
+        "documentId": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3DocumentId",
+          "description": "The document id of the document."
+        },
+        "status": {
+          "$ref": "GoogleRpcStatus",
+          "description": "The status of moving the document."
         }
       },
       "type": "object"
@@ -1187,6 +1225,35 @@
       "properties": {},
       "type": "object"
     },
+    "GoogleCloudDocumentaiUiv1beta3DocumentId": {
+      "description": "Document Identifier.",
+      "id": "GoogleCloudDocumentaiUiv1beta3DocumentId",
+      "properties": {
+        "gcsManagedDocId": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId"
+        },
+        "revisionReference": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3RevisionReference",
+          "description": "Points to a specific revision of the document if set."
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId": {
+      "description": "Identifies a document uniquely within the scope of a dataset in the GCS-based option.",
+      "id": "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId",
+      "properties": {
+        "cwDocId": {
+          "description": "Optional. Id of the document (indexed) managed by Content Warehouse.",
+          "type": "string"
+        },
+        "gcsUri": {
+          "description": "Required. The Cloud Storage uri where the actual document is stored.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudDocumentaiUiv1beta3EnableProcessorMetadata": {
       "description": "The long running operation metadata for enable processor method.",
       "id": "GoogleCloudDocumentaiUiv1beta3EnableProcessorMetadata",
@@ -1255,6 +1322,32 @@
         "commonMetadata": {
           "$ref": "GoogleCloudDocumentaiUiv1beta3CommonOperationMetadata",
           "description": "The basic metadata of the long running operation."
+        },
+        "individualImportStatuses": {
+          "description": "The list of response details of each document.",
+          "items": {
+            "$ref": "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus": {
+      "description": "The status of each individual document in the import process.",
+      "id": "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus",
+      "properties": {
+        "inputGcsSource": {
+          "description": "The source Cloud Storage URI of the document.",
+          "type": "string"
+        },
+        "outputGcsDestination": {
+          "description": "The output_gcs_destination of the processed document if it was successful, otherwise empty.",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "GoogleRpcStatus",
+          "description": "The status of the importing of the document."
         }
       },
       "type": "object"
@@ -1265,6 +1358,35 @@
       "properties": {},
       "type": "object"
     },
+    "GoogleCloudDocumentaiUiv1beta3RevisionReference": {
+      "description": "The revision reference specifies which revision on the document to read.",
+      "id": "GoogleCloudDocumentaiUiv1beta3RevisionReference",
+      "properties": {
+        "latestProcessorVersion": {
+          "description": "Read the revision generated by the processor version, returns error if it does not exist.",
+          "type": "string"
+        },
+        "revisionCase": {
+          "description": "Read the revision by the predefined case.",
+          "enum": [
+            "REVISION_CASE_UNSPECIFIED",
+            "LATEST_HUMAN_REVIEW",
+            "LATEST_TIMESTAMP"
+          ],
+          "enumDescriptions": [
+            "Unspecified case, fallback to read the first (OCR) revision.",
+            "The latest revision made by a human.",
+            "The latest revision based on timestamp."
+          ],
+          "type": "string"
+        },
+        "revisionId": {
+          "description": "Read the revision given by the id, returns error if it does not exist.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudDocumentaiUiv1beta3SetDefaultProcessorVersionMetadata": {
       "description": "The long running operation metadata for set default processor version method.",
       "id": "GoogleCloudDocumentaiUiv1beta3SetDefaultProcessorVersionMetadata",
@@ -2660,77 +2782,6 @@
       "properties": {},
       "type": "object"
     },
-    "GoogleCloudDocumentaiV1EvaluationMetrics": {
-      "description": "Evaluation metrics, either in aggregate or about a specific entity.",
-      "id": "GoogleCloudDocumentaiV1EvaluationMetrics",
-      "properties": {
-        "f1Score": {
-          "description": "The calculated f1 score.",
-          "format": "float",
-          "type": "number"
-        },
-        "falseNegativesCount": {
-          "description": "The amount of false negatives.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "falsePositivesCount": {
-          "description": "The amount of false positives.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "groundTruthOccurrencesCount": {
-          "description": "The amount of occurrences in ground truth documents.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "precision": {
-          "description": "The calculated precision.",
-          "format": "float",
-          "type": "number"
-        },
-        "predictedOccurrencesCount": {
-          "description": "The amount of occurrences in predicted documents.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "recall": {
-          "description": "The calculated recall.",
-          "format": "float",
-          "type": "number"
-        },
-        "totalDocumentsCount": {
-          "description": "The amount of documents that had an occurrence of this label.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "truePositivesCount": {
-          "description": "The amount of true positives.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleCloudDocumentaiV1EvaluationReference": {
-      "description": "Gives a short summary of an evaluation, and links to the evaluation itself.",
-      "id": "GoogleCloudDocumentaiV1EvaluationReference",
-      "properties": {
-        "aggregateMetrics": {
-          "$ref": "GoogleCloudDocumentaiV1EvaluationMetrics",
-          "description": "An aggregate of the statistics for the evaluation."
-        },
-        "evaluation": {
-          "description": "The resource name of the evaluation.",
-          "type": "string"
-        },
-        "operation": {
-          "description": "The resource name of the Long Running Operation for the evaluation.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "GoogleCloudDocumentaiV1FetchProcessorTypesResponse": {
       "description": "Response message for fetch processor types.",
       "id": "GoogleCloudDocumentaiV1FetchProcessorTypesResponse",
@@ -3046,18 +3097,10 @@
           "description": "The display name of the processor version.",
           "type": "string"
         },
-        "latestEvaluation": {
-          "$ref": "GoogleCloudDocumentaiV1EvaluationReference",
-          "description": "The most recently invoked evaluation for the processor version."
-        },
         "name": {
           "description": "The resource name of the processor version. Format: projects/{project}/locations/{location}/processors/{processor}/processorVersions/{processor_version}",
           "type": "string"
         },
-        "schema": {
-          "$ref": "GoogleCloudDocumentaiV1Schema",
-          "description": "The schema of the processor version. Describes the output."
-        },
         "state": {
           "description": "The state of the processor version.",
           "enum": [
@@ -3150,93 +3193,6 @@
       },
       "type": "object"
     },
-    "GoogleCloudDocumentaiV1Schema": {
-      "description": "The schema defines the output of the processed document by a processor.",
-      "id": "GoogleCloudDocumentaiV1Schema",
-      "properties": {
-        "description": {
-          "description": "Description of the schema.",
-          "type": "string"
-        },
-        "displayName": {
-          "description": "Display name to show to users.",
-          "type": "string"
-        },
-        "entityTypes": {
-          "description": "Entity types of the schema.",
-          "items": {
-            "$ref": "GoogleCloudDocumentaiV1SchemaEntityType"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleCloudDocumentaiV1SchemaEntityType": {
-      "description": "EntityType is the wrapper of a label of the corresponding model with detailed attributes and limitations for entity-based processors. Multiple types can also compose a dependency tree to represent nested types.",
-      "id": "GoogleCloudDocumentaiV1SchemaEntityType",
-      "properties": {
-        "baseType": {
-          "description": "Type of the entity. It must be one of the following: `document` - the entity represents a classification of a logical document. `object` - if the entity has properties it is likely an object (or or a document.) `datetime` - the entity is a date or time value. `money` - the entity represents a money value amount. `number` - the entity is a number - integer or floating point. `string` - the entity is a string value. `boolean` - the entity is a boolean value. `address` - the entity is a location address. `duration` - the entity is a duration.",
-          "type": "string"
-        },
-        "description": {
-          "description": "Description of the entity type.",
-          "type": "string"
-        },
-        "enumValues": {
-          "description": "If specified, lists all the possible values for this entity.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "occurrenceType": {
-          "description": "Occurrence type limits the number of times an entity type appears in the document.",
-          "enum": [
-            "OCCURRENCE_TYPE_UNSPECIFIED",
-            "OPTIONAL_ONCE",
-            "OPTIONAL_MULTIPLE",
-            "REQUIRED_ONCE",
-            "REQUIRED_MULTIPLE"
-          ],
-          "enumDescriptions": [
-            "Unspecified occurrence type.",
-            "The entity type will appear zero times or once.",
-            "The entity type will appear zero or multiple times.",
-            "The entity type will only appear exactly once.",
-            "The entity type will appear once or more times."
-          ],
-          "type": "string"
-        },
-        "properties": {
-          "description": "Describing the nested structure of an entity. An EntityType may consist of several other EntityTypes. For example, in a document there can be an EntityType 'ID', which consists of EntityType 'name' and 'address', with corresponding attributes, such as TEXT for both types and ONCE for occurrence types.",
-          "items": {
-            "$ref": "GoogleCloudDocumentaiV1SchemaEntityType"
-          },
-          "type": "array"
-        },
-        "source": {
-          "description": "Source of this entity type.",
-          "enum": [
-            "SOURCE_UNSPECIFIED",
-            "PREDEFINED",
-            "USER_INPUT"
-          ],
-          "enumDescriptions": [
-            "Unspecified source.",
-            "The entity type is in the predefined schema of a pretrained version of a processor.",
-            "The entity type is added by the users either: - during an uptraining of an existing processor, or - during the process of creating a customized processor."
-          ],
-          "type": "string"
-        },
-        "type": {
-          "description": "Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: \"google\", \"DocumentAI\" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., \"line_item/amount\") in which case each part (e.g., \"line_item\", \"amount\") must comply with the rules defined above. We recommend using the snake case (\"snake_case\") in entity type names.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "GoogleCloudDocumentaiV1SetDefaultProcessorVersionMetadata": {
       "description": "The long running operation metadata for set default processor version method.",
       "id": "GoogleCloudDocumentaiV1SetDefaultProcessorVersionMetadata",
diff --git a/googleapiclient/discovery_cache/documents/documentai.v1beta2.json b/googleapiclient/discovery_cache/documents/documentai.v1beta2.json
index adeba1c6c22..12f0a44b9d7 100644
--- a/googleapiclient/discovery_cache/documents/documentai.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/documentai.v1beta2.json
@@ -292,7 +292,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211105",
   "rootUrl": "https://documentai.googleapis.com/",
   "schemas": {
     "GoogleCloudDocumentaiUiv1beta3BatchDeleteDocumentsMetadata": {
@@ -317,6 +317,44 @@
         "commonMetadata": {
           "$ref": "GoogleCloudDocumentaiUiv1beta3CommonOperationMetadata",
           "description": "The basic metadata of the long running operation."
+        },
+        "destDatasetType": {
+          "description": "The destination dataset split type.",
+          "enum": [
+            "DATASET_SPLIT_TYPE_UNSPECIFIED",
+            "DATASET_SPLIT_TRAIN",
+            "DATASET_SPLIT_TEST",
+            "DATASET_SPLIT_UNASSIGNED"
+          ],
+          "enumDescriptions": [
+            "Default value if the enum is not set. go/protodosdonts#do-include-an-unspecified-value-in-an-enum",
+            "Identifies the train documents.",
+            "Identifies the test documents.",
+            "Identifies the unassigned documents."
+          ],
+          "type": "string"
+        },
+        "individualBatchMoveStatuses": {
+          "description": "The list of response details of each document.",
+          "items": {
+            "$ref": "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus": {
+      "description": "The status of each individual document in the batch move process.",
+      "id": "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus",
+      "properties": {
+        "documentId": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3DocumentId",
+          "description": "The document id of the document."
+        },
+        "status": {
+          "$ref": "GoogleRpcStatus",
+          "description": "The status of moving the document."
         }
       },
       "type": "object"
@@ -450,6 +488,35 @@
       "properties": {},
       "type": "object"
     },
+    "GoogleCloudDocumentaiUiv1beta3DocumentId": {
+      "description": "Document Identifier.",
+      "id": "GoogleCloudDocumentaiUiv1beta3DocumentId",
+      "properties": {
+        "gcsManagedDocId": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId"
+        },
+        "revisionReference": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3RevisionReference",
+          "description": "Points to a specific revision of the document if set."
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId": {
+      "description": "Identifies a document uniquely within the scope of a dataset in the GCS-based option.",
+      "id": "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId",
+      "properties": {
+        "cwDocId": {
+          "description": "Optional. Id of the document (indexed) managed by Content Warehouse.",
+          "type": "string"
+        },
+        "gcsUri": {
+          "description": "Required. The Cloud Storage uri where the actual document is stored.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudDocumentaiUiv1beta3EnableProcessorMetadata": {
       "description": "The long running operation metadata for enable processor method.",
       "id": "GoogleCloudDocumentaiUiv1beta3EnableProcessorMetadata",
@@ -518,6 +585,32 @@
         "commonMetadata": {
           "$ref": "GoogleCloudDocumentaiUiv1beta3CommonOperationMetadata",
           "description": "The basic metadata of the long running operation."
+        },
+        "individualImportStatuses": {
+          "description": "The list of response details of each document.",
+          "items": {
+            "$ref": "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus": {
+      "description": "The status of each individual document in the import process.",
+      "id": "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus",
+      "properties": {
+        "inputGcsSource": {
+          "description": "The source Cloud Storage URI of the document.",
+          "type": "string"
+        },
+        "outputGcsDestination": {
+          "description": "The output_gcs_destination of the processed document if it was successful, otherwise empty.",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "GoogleRpcStatus",
+          "description": "The status of the importing of the document."
         }
       },
       "type": "object"
@@ -528,6 +621,35 @@
       "properties": {},
       "type": "object"
     },
+    "GoogleCloudDocumentaiUiv1beta3RevisionReference": {
+      "description": "The revision reference specifies which revision on the document to read.",
+      "id": "GoogleCloudDocumentaiUiv1beta3RevisionReference",
+      "properties": {
+        "latestProcessorVersion": {
+          "description": "Read the revision generated by the processor version, returns error if it does not exist.",
+          "type": "string"
+        },
+        "revisionCase": {
+          "description": "Read the revision by the predefined case.",
+          "enum": [
+            "REVISION_CASE_UNSPECIFIED",
+            "LATEST_HUMAN_REVIEW",
+            "LATEST_TIMESTAMP"
+          ],
+          "enumDescriptions": [
+            "Unspecified case, fallback to read the first (OCR) revision.",
+            "The latest revision made by a human.",
+            "The latest revision based on timestamp."
+          ],
+          "type": "string"
+        },
+        "revisionId": {
+          "description": "Read the revision given by the id, returns error if it does not exist.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudDocumentaiUiv1beta3SetDefaultProcessorVersionMetadata": {
       "description": "The long running operation metadata for set default processor version method.",
       "id": "GoogleCloudDocumentaiUiv1beta3SetDefaultProcessorVersionMetadata",
diff --git a/googleapiclient/discovery_cache/documents/documentai.v1beta3.json b/googleapiclient/discovery_cache/documents/documentai.v1beta3.json
index cb56b9e458b..159109a920a 100644
--- a/googleapiclient/discovery_cache/documents/documentai.v1beta3.json
+++ b/googleapiclient/discovery_cache/documents/documentai.v1beta3.json
@@ -796,7 +796,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211105",
   "rootUrl": "https://documentai.googleapis.com/",
   "schemas": {
     "GoogleCloudDocumentaiUiv1beta3BatchDeleteDocumentsMetadata": {
@@ -821,6 +821,44 @@
         "commonMetadata": {
           "$ref": "GoogleCloudDocumentaiUiv1beta3CommonOperationMetadata",
           "description": "The basic metadata of the long running operation."
+        },
+        "destDatasetType": {
+          "description": "The destination dataset split type.",
+          "enum": [
+            "DATASET_SPLIT_TYPE_UNSPECIFIED",
+            "DATASET_SPLIT_TRAIN",
+            "DATASET_SPLIT_TEST",
+            "DATASET_SPLIT_UNASSIGNED"
+          ],
+          "enumDescriptions": [
+            "Default value if the enum is not set. go/protodosdonts#do-include-an-unspecified-value-in-an-enum",
+            "Identifies the train documents.",
+            "Identifies the test documents.",
+            "Identifies the unassigned documents."
+          ],
+          "type": "string"
+        },
+        "individualBatchMoveStatuses": {
+          "description": "The list of response details of each document.",
+          "items": {
+            "$ref": "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus": {
+      "description": "The status of each individual document in the batch move process.",
+      "id": "GoogleCloudDocumentaiUiv1beta3BatchMoveDocumentsMetadataIndividualBatchMoveStatus",
+      "properties": {
+        "documentId": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3DocumentId",
+          "description": "The document id of the document."
+        },
+        "status": {
+          "$ref": "GoogleRpcStatus",
+          "description": "The status of moving the document."
         }
       },
       "type": "object"
@@ -954,6 +992,35 @@
       "properties": {},
       "type": "object"
     },
+    "GoogleCloudDocumentaiUiv1beta3DocumentId": {
+      "description": "Document Identifier.",
+      "id": "GoogleCloudDocumentaiUiv1beta3DocumentId",
+      "properties": {
+        "gcsManagedDocId": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId"
+        },
+        "revisionReference": {
+          "$ref": "GoogleCloudDocumentaiUiv1beta3RevisionReference",
+          "description": "Points to a specific revision of the document if set."
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId": {
+      "description": "Identifies a document uniquely within the scope of a dataset in the GCS-based option.",
+      "id": "GoogleCloudDocumentaiUiv1beta3DocumentIdGCSManagedDocumentId",
+      "properties": {
+        "cwDocId": {
+          "description": "Optional. Id of the document (indexed) managed by Content Warehouse.",
+          "type": "string"
+        },
+        "gcsUri": {
+          "description": "Required. The Cloud Storage uri where the actual document is stored.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudDocumentaiUiv1beta3EnableProcessorMetadata": {
       "description": "The long running operation metadata for enable processor method.",
       "id": "GoogleCloudDocumentaiUiv1beta3EnableProcessorMetadata",
@@ -1022,6 +1089,32 @@
         "commonMetadata": {
           "$ref": "GoogleCloudDocumentaiUiv1beta3CommonOperationMetadata",
           "description": "The basic metadata of the long running operation."
+        },
+        "individualImportStatuses": {
+          "description": "The list of response details of each document.",
+          "items": {
+            "$ref": "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus": {
+      "description": "The status of each individual document in the import process.",
+      "id": "GoogleCloudDocumentaiUiv1beta3ImportDocumentsMetadataIndividualImportStatus",
+      "properties": {
+        "inputGcsSource": {
+          "description": "The source Cloud Storage URI of the document.",
+          "type": "string"
+        },
+        "outputGcsDestination": {
+          "description": "The output_gcs_destination of the processed document if it was successful, otherwise empty.",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "GoogleRpcStatus",
+          "description": "The status of the importing of the document."
         }
       },
       "type": "object"
@@ -1032,6 +1125,35 @@
       "properties": {},
       "type": "object"
     },
+    "GoogleCloudDocumentaiUiv1beta3RevisionReference": {
+      "description": "The revision reference specifies which revision on the document to read.",
+      "id": "GoogleCloudDocumentaiUiv1beta3RevisionReference",
+      "properties": {
+        "latestProcessorVersion": {
+          "description": "Read the revision generated by the processor version, returns error if it does not exist.",
+          "type": "string"
+        },
+        "revisionCase": {
+          "description": "Read the revision by the predefined case.",
+          "enum": [
+            "REVISION_CASE_UNSPECIFIED",
+            "LATEST_HUMAN_REVIEW",
+            "LATEST_TIMESTAMP"
+          ],
+          "enumDescriptions": [
+            "Unspecified case, fallback to read the first (OCR) revision.",
+            "The latest revision made by a human.",
+            "The latest revision based on timestamp."
+          ],
+          "type": "string"
+        },
+        "revisionId": {
+          "description": "Read the revision given by the id, returns error if it does not exist.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudDocumentaiUiv1beta3SetDefaultProcessorVersionMetadata": {
       "description": "The long running operation metadata for set default processor version method.",
       "id": "GoogleCloudDocumentaiUiv1beta3SetDefaultProcessorVersionMetadata",
@@ -5094,77 +5216,6 @@
       "properties": {},
       "type": "object"
     },
-    "GoogleCloudDocumentaiV1beta3EvaluationMetrics": {
-      "description": "Evaluation metrics, either in aggregate or about a specific entity.",
-      "id": "GoogleCloudDocumentaiV1beta3EvaluationMetrics",
-      "properties": {
-        "f1Score": {
-          "description": "The calculated f1 score.",
-          "format": "float",
-          "type": "number"
-        },
-        "falseNegativesCount": {
-          "description": "The amount of false negatives.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "falsePositivesCount": {
-          "description": "The amount of false positives.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "groundTruthOccurrencesCount": {
-          "description": "The amount of occurrences in ground truth documents.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "precision": {
-          "description": "The calculated precision.",
-          "format": "float",
-          "type": "number"
-        },
-        "predictedOccurrencesCount": {
-          "description": "The amount of occurrences in predicted documents.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "recall": {
-          "description": "The calculated recall.",
-          "format": "float",
-          "type": "number"
-        },
-        "totalDocumentsCount": {
-          "description": "The amount of documents that had an occurrence of this label.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "truePositivesCount": {
-          "description": "The amount of true positives.",
-          "format": "int32",
-          "type": "integer"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleCloudDocumentaiV1beta3EvaluationReference": {
-      "description": "Gives a short summary of an evaluation, and links to the evaluation itself.",
-      "id": "GoogleCloudDocumentaiV1beta3EvaluationReference",
-      "properties": {
-        "aggregateMetrics": {
-          "$ref": "GoogleCloudDocumentaiV1beta3EvaluationMetrics",
-          "description": "An aggregate of the statistics for the evaluation."
-        },
-        "evaluation": {
-          "description": "The resource name of the evaluation.",
-          "type": "string"
-        },
-        "operation": {
-          "description": "The resource name of the Long Running Operation for the evaluation.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "GoogleCloudDocumentaiV1beta3FetchProcessorTypesResponse": {
       "description": "Response message for fetch processor types.",
       "id": "GoogleCloudDocumentaiV1beta3FetchProcessorTypesResponse",
@@ -5488,18 +5539,10 @@
           "description": "The display name of the processor version.",
           "type": "string"
         },
-        "latestEvaluation": {
-          "$ref": "GoogleCloudDocumentaiV1beta3EvaluationReference",
-          "description": "The most recently invoked evaluation for the processor version."
-        },
         "name": {
           "description": "The resource name of the processor version. Format: projects/{project}/locations/{location}/processors/{processor}/processorVersions/{processor_version}",
           "type": "string"
         },
-        "schema": {
-          "$ref": "GoogleCloudDocumentaiV1beta3Schema",
-          "description": "The schema of the processor version. Describes the output."
-        },
         "state": {
           "description": "The state of the processor version.",
           "enum": [
@@ -5630,93 +5673,6 @@
       },
       "type": "object"
     },
-    "GoogleCloudDocumentaiV1beta3Schema": {
-      "description": "The schema defines the output of the processed document by a processor.",
-      "id": "GoogleCloudDocumentaiV1beta3Schema",
-      "properties": {
-        "description": {
-          "description": "Description of the schema.",
-          "type": "string"
-        },
-        "displayName": {
-          "description": "Display name to show to users.",
-          "type": "string"
-        },
-        "entityTypes": {
-          "description": "Entity types of the schema.",
-          "items": {
-            "$ref": "GoogleCloudDocumentaiV1beta3SchemaEntityType"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "GoogleCloudDocumentaiV1beta3SchemaEntityType": {
-      "description": "EntityType is the wrapper of a label of the corresponding model with detailed attributes and limitations for entity-based processors. Multiple types can also compose a dependency tree to represent nested types.",
-      "id": "GoogleCloudDocumentaiV1beta3SchemaEntityType",
-      "properties": {
-        "baseType": {
-          "description": "Type of the entity. It must be one of the following: `document` - the entity represents a classification of a logical document. `object` - if the entity has properties it is likely an object (or or a document.) `datetime` - the entity is a date or time value. `money` - the entity represents a money value amount. `number` - the entity is a number - integer or floating point. `string` - the entity is a string value. `boolean` - the entity is a boolean value. `address` - the entity is a location address. `duration` - the entity is a duration.",
-          "type": "string"
-        },
-        "description": {
-          "description": "Description of the entity type.",
-          "type": "string"
-        },
-        "enumValues": {
-          "description": "If specified, lists all the possible values for this entity.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "occurrenceType": {
-          "description": "Occurrence type limits the number of times an entity type appears in the document.",
-          "enum": [
-            "OCCURRENCE_TYPE_UNSPECIFIED",
-            "OPTIONAL_ONCE",
-            "OPTIONAL_MULTIPLE",
-            "REQUIRED_ONCE",
-            "REQUIRED_MULTIPLE"
-          ],
-          "enumDescriptions": [
-            "Unspecified occurrence type.",
-            "The entity type will appear zero times or once.",
-            "The entity type will appear zero or multiple times.",
-            "The entity type will only appear exactly once.",
-            "The entity type will appear once or more times."
-          ],
-          "type": "string"
-        },
-        "properties": {
-          "description": "Describing the nested structure of an entity. An EntityType may consist of several other EntityTypes. For example, in a document there can be an EntityType 'ID', which consists of EntityType 'name' and 'address', with corresponding attributes, such as TEXT for both types and ONCE for occurrence types.",
-          "items": {
-            "$ref": "GoogleCloudDocumentaiV1beta3SchemaEntityType"
-          },
-          "type": "array"
-        },
-        "source": {
-          "description": "Source of this entity type.",
-          "enum": [
-            "SOURCE_UNSPECIFIED",
-            "PREDEFINED",
-            "USER_INPUT"
-          ],
-          "enumDescriptions": [
-            "Unspecified source.",
-            "The entity type is in the predefined schema of a pretrained version of a processor.",
-            "The entity type is added by the users either: - during an uptraining of an existing processor, or - during the process of creating a customized processor."
-          ],
-          "type": "string"
-        },
-        "type": {
-          "description": "Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: \"google\", \"DocumentAI\" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., \"line_item/amount\") in which case each part (e.g., \"line_item\", \"amount\") must comply with the rules defined above. We recommend using the snake case (\"snake_case\") in entity type names.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "GoogleCloudDocumentaiV1beta3SetDefaultProcessorVersionMetadata": {
       "description": "The long running operation metadata for set default processor version method.",
       "id": "GoogleCloudDocumentaiV1beta3SetDefaultProcessorVersionMetadata",
diff --git a/googleapiclient/discovery_cache/documents/domains.v1.json b/googleapiclient/discovery_cache/documents/domains.v1.json
index b725ae644a9..c1b9ab49e81 100644
--- a/googleapiclient/discovery_cache/documents/domains.v1.json
+++ b/googleapiclient/discovery_cache/documents/domains.v1.json
@@ -334,7 +334,7 @@
                   ]
                 },
                 "delete": {
-                  "description": "Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.",
+                  "description": "Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.",
                   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/registrations/{registrationsId}",
                   "httpMethod": "DELETE",
                   "id": "domains.projects.locations.registrations.delete",
@@ -359,7 +359,7 @@
                   ]
                 },
                 "export": {
-                  "description": "Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.",
+                  "description": "Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.",
                   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/registrations/{registrationsId}:export",
                   "httpMethod": "POST",
                   "id": "domains.projects.locations.registrations.export",
@@ -421,7 +421,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -500,7 +500,7 @@
                       "type": "string"
                     },
                     "updateMask": {
-                      "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` would be `\"labels\"`.",
+                      "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` is `\"labels\"`.",
                       "format": "google-fieldmask",
                       "location": "query",
                       "type": "string"
@@ -629,7 +629,7 @@
                   ]
                 },
                 "retrieveTransferParameters": {
-                  "description": "Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.",
+                  "description": "Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.",
                   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/registrations:retrieveTransferParameters",
                   "httpMethod": "GET",
                   "id": "domains.projects.locations.registrations.retrieveTransferParameters",
@@ -745,7 +745,7 @@
                   ]
                 },
                 "transfer": {
-                  "description": "Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.",
+                  "description": "Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.",
                   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/registrations:transfer",
                   "httpMethod": "POST",
                   "id": "domains.projects.locations.registrations.transfer",
@@ -779,7 +779,7 @@
       }
     }
   },
-  "revision": "20211019",
+  "revision": "20211108",
   "rootUrl": "https://domains.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -887,7 +887,7 @@
           "description": "Fields of the `ContactSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` would be `\"registrant_contact\"`.",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` is `\"registrant_contact\"`.",
           "format": "google-fieldmask",
           "type": "string"
         },
@@ -907,7 +907,7 @@
           "description": "Fields of the `DnsSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` would be `\"custom_dns.name_servers\"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` would be `\"custom_dns\"`. //",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` is `\"custom_dns.name_servers\"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` is `\"custom_dns\"`. //",
           "format": "google-fieldmask",
           "type": "string"
         },
@@ -927,7 +927,7 @@
           "description": "Fields of the `ManagementSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` would be `\"transfer_lock_state\"`.",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` is `\"transfer_lock_state\"`.",
           "format": "google-fieldmask",
           "type": "string"
         }
@@ -983,7 +983,7 @@
         },
         "registrantContact": {
           "$ref": "Contact",
-          "description": "Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*"
+          "description": "Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*"
         },
         "technicalContact": {
           "$ref": "Contact",
@@ -1545,7 +1545,7 @@
           "description": "Required. The complete `Registration` resource to be created."
         },
         "validateOnly": {
-          "description": "When true, only validation will be performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation",
+          "description": "When true, only validation is performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation",
           "type": "boolean"
         },
         "yearlyPrice": {
@@ -1686,7 +1686,7 @@
         },
         "pendingContactSettings": {
           "$ref": "ContactSettings",
-          "description": "Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.",
+          "description": "Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.",
           "readOnly": true
         },
         "state": {
@@ -1705,11 +1705,11 @@
             "The state is undefined.",
             "The domain is being registered.",
             "The domain registration failed. You can delete resources in this state to allow registration to be retried.",
-            "Domain transfer from another registrar to Cloud Domains is in progress. The domain's current registrar may require action to complete the transfer. Check emails from the domain's current registrar to the domain's current registrant for instructions.",
-            "The attempt to transfer the domain from another registrar to Cloud Domains failed. You can delete resources in this state to allow transfer to be retried.",
+            "The domain is being transferred from another registrar to Cloud Domains.",
+            "The attempt to transfer the domain from another registrar to Cloud Domains failed. You can delete resources in this state and retry the transfer.",
             "The domain is registered and operational. The domain renews automatically as long as it remains in this state.",
             "The domain is suspended and inoperative. For more details, see the `issues` field.",
-            "The domain is no longer managed with Cloud Domains. It may have been transferred to another registrar or exported for management in [Google Domains](https://domains.google/). You can no longer update it with this API, and information shown about it may be stale. Domains in this state will not be automatically renewed by Cloud Domains."
+            "The domain is no longer managed with Cloud Domains. It may have been transferred to another registrar or exported for management in [Google Domains](https://domains.google/). You can no longer update it with this API, and information shown about it may be stale. Domains in this state are not automatically renewed by Cloud Domains."
           ],
           "readOnly": true,
           "type": "string"
@@ -1875,7 +1875,7 @@
         },
         "registration": {
           "$ref": "Registration",
-          "description": "Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service will not cease upon transfer, as is often the case for DNS services provided for free by the registrar."
+          "description": "Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service does not cease upon transfer, as is often the case for DNS services provided for free by the registrar."
         },
         "validateOnly": {
           "description": "Validate the request without actually transferring the domain.",
diff --git a/googleapiclient/discovery_cache/documents/domains.v1alpha2.json b/googleapiclient/discovery_cache/documents/domains.v1alpha2.json
index 14a4f094a20..7df8393e8f2 100644
--- a/googleapiclient/discovery_cache/documents/domains.v1alpha2.json
+++ b/googleapiclient/discovery_cache/documents/domains.v1alpha2.json
@@ -334,7 +334,7 @@
                   ]
                 },
                 "delete": {
-                  "description": "Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.",
+                  "description": "Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.",
                   "flatPath": "v1alpha2/projects/{projectsId}/locations/{locationsId}/registrations/{registrationsId}",
                   "httpMethod": "DELETE",
                   "id": "domains.projects.locations.registrations.delete",
@@ -359,7 +359,7 @@
                   ]
                 },
                 "export": {
-                  "description": "Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.",
+                  "description": "Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.",
                   "flatPath": "v1alpha2/projects/{projectsId}/locations/{locationsId}/registrations/{registrationsId}:export",
                   "httpMethod": "POST",
                   "id": "domains.projects.locations.registrations.export",
@@ -421,7 +421,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -500,7 +500,7 @@
                       "type": "string"
                     },
                     "updateMask": {
-                      "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` would be `\"labels\"`.",
+                      "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` is `\"labels\"`.",
                       "format": "google-fieldmask",
                       "location": "query",
                       "type": "string"
@@ -629,7 +629,7 @@
                   ]
                 },
                 "retrieveTransferParameters": {
-                  "description": "Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.",
+                  "description": "Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.",
                   "flatPath": "v1alpha2/projects/{projectsId}/locations/{locationsId}/registrations:retrieveTransferParameters",
                   "httpMethod": "GET",
                   "id": "domains.projects.locations.registrations.retrieveTransferParameters",
@@ -745,7 +745,7 @@
                   ]
                 },
                 "transfer": {
-                  "description": "Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.",
+                  "description": "Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.",
                   "flatPath": "v1alpha2/projects/{projectsId}/locations/{locationsId}/registrations:transfer",
                   "httpMethod": "POST",
                   "id": "domains.projects.locations.registrations.transfer",
@@ -779,7 +779,7 @@
       }
     }
   },
-  "revision": "20211019",
+  "revision": "20211108",
   "rootUrl": "https://domains.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -887,7 +887,7 @@
           "description": "Fields of the `ContactSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` would be `\"registrant_contact\"`.",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` is `\"registrant_contact\"`.",
           "format": "google-fieldmask",
           "type": "string"
         },
@@ -907,7 +907,7 @@
           "description": "Fields of the `DnsSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` would be `\"custom_dns.name_servers\"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` would be `\"custom_dns\"`. //",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` is `\"custom_dns.name_servers\"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` is `\"custom_dns\"`. //",
           "format": "google-fieldmask",
           "type": "string"
         },
@@ -927,7 +927,7 @@
           "description": "Fields of the `ManagementSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` would be `\"transfer_lock_state\"`.",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` is `\"transfer_lock_state\"`.",
           "format": "google-fieldmask",
           "type": "string"
         }
@@ -983,7 +983,7 @@
         },
         "registrantContact": {
           "$ref": "Contact",
-          "description": "Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*"
+          "description": "Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*"
         },
         "technicalContact": {
           "$ref": "Contact",
@@ -1545,7 +1545,7 @@
           "description": "Required. The complete `Registration` resource to be created."
         },
         "validateOnly": {
-          "description": "When true, only validation will be performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation",
+          "description": "When true, only validation is performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation",
           "type": "boolean"
         },
         "yearlyPrice": {
@@ -1686,7 +1686,7 @@
         },
         "pendingContactSettings": {
           "$ref": "ContactSettings",
-          "description": "Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.",
+          "description": "Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.",
           "readOnly": true
         },
         "state": {
@@ -1705,11 +1705,11 @@
             "The state is undefined.",
             "The domain is being registered.",
             "The domain registration failed. You can delete resources in this state to allow registration to be retried.",
-            "Domain transfer from another registrar to Cloud Domains is in progress. The domain's current registrar may require action to complete the transfer. Check emails from the domain's current registrar to the domain's current registrant for instructions.",
-            "The attempt to transfer the domain from another registrar to Cloud Domains failed. You can delete resources in this state to allow transfer to be retried.",
+            "The domain is being transferred from another registrar to Cloud Domains.",
+            "The attempt to transfer the domain from another registrar to Cloud Domains failed. You can delete resources in this state and retry the transfer.",
             "The domain is registered and operational. The domain renews automatically as long as it remains in this state.",
             "The domain is suspended and inoperative. For more details, see the `issues` field.",
-            "The domain is no longer managed with Cloud Domains. It may have been transferred to another registrar or exported for management in [Google Domains](https://domains.google/). You can no longer update it with this API, and information shown about it may be stale. Domains in this state will not be automatically renewed by Cloud Domains."
+            "The domain is no longer managed with Cloud Domains. It may have been transferred to another registrar or exported for management in [Google Domains](https://domains.google/). You can no longer update it with this API, and information shown about it may be stale. Domains in this state are not automatically renewed by Cloud Domains."
           ],
           "readOnly": true,
           "type": "string"
@@ -1875,7 +1875,7 @@
         },
         "registration": {
           "$ref": "Registration",
-          "description": "Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service will not cease upon transfer, as is often the case for DNS services provided for free by the registrar."
+          "description": "Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service does not cease upon transfer, as is often the case for DNS services provided for free by the registrar."
         },
         "validateOnly": {
           "description": "Validate the request without actually transferring the domain.",
diff --git a/googleapiclient/discovery_cache/documents/domains.v1beta1.json b/googleapiclient/discovery_cache/documents/domains.v1beta1.json
index 6a7233ae26f..58bc6e98a82 100644
--- a/googleapiclient/discovery_cache/documents/domains.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/domains.v1beta1.json
@@ -334,7 +334,7 @@
                   ]
                 },
                 "delete": {
-                  "description": "Deletes a `Registration` resource. For `Registration` resources using usage billing, this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` This method works on any `Registration` resource using subscription billing, provided that the resource was created at least 1 day in the past. When an active domain is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.",
+                  "description": "Deletes a `Registration` resource. This method works on any `Registration` resource using [Subscription or Commitment billing](/domains/pricing#billing-models), provided that the resource was created at least 1 day in the past. For `Registration` resources using [Monthly billing](/domains/pricing#billing-models), this method works if: * `state` is `EXPORTED` with `expire_time` in the past * `state` is `REGISTRATION_FAILED` * `state` is `TRANSFER_FAILED` When an active registration is successfully deleted, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.",
                   "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/registrations/{registrationsId}",
                   "httpMethod": "DELETE",
                   "id": "domains.projects.locations.registrations.delete",
@@ -359,7 +359,7 @@
                   ]
                 },
                 "export": {
-                  "description": "Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain will not renew automatically unless the new owner sets up billing in Google Domains.",
+                  "description": "Exports a `Registration` resource, such that it is no longer managed by Cloud Domains. When an active domain is successfully exported, you can continue to use the domain in [Google Domains](https://domains.google/) until it expires. The calling user becomes the domain's sole owner in Google Domains, and permissions for the domain are subsequently managed there. The domain does not renew automatically unless the new owner sets up billing in Google Domains.",
                   "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/registrations/{registrationsId}:export",
                   "httpMethod": "POST",
                   "id": "domains.projects.locations.registrations.export",
@@ -421,7 +421,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -500,7 +500,7 @@
                       "type": "string"
                     },
                     "updateMask": {
-                      "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` would be `\"labels\"`.",
+                      "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the labels are being updated, the `update_mask` is `\"labels\"`.",
                       "format": "google-fieldmask",
                       "location": "query",
                       "type": "string"
@@ -629,7 +629,7 @@
                   ]
                 },
                 "retrieveTransferParameters": {
-                  "description": "Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Use the returned values to call `TransferDomain`.",
+                  "description": "Gets parameters needed to transfer a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Use the returned values to call `TransferDomain`.",
                   "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/registrations:retrieveTransferParameters",
                   "httpMethod": "GET",
                   "id": "domains.projects.locations.registrations.retrieveTransferParameters",
@@ -745,7 +745,7 @@
                   ]
                 },
                 "transfer": {
-                  "description": "Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not yet supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.",
+                  "description": "Transfers a domain name from another registrar to Cloud Domains. For domains managed by Google Domains, transferring to Cloud Domains is not supported. Before calling this method, go to the domain's current registrar to unlock the domain for transfer and retrieve the domain's transfer authorization code. Then call `RetrieveTransferParameters` to confirm that the domain is unlocked and to get values needed to build a call to this method. A successful call creates a `Registration` resource in state `TRANSFER_PENDING`. It can take several days to complete the transfer process. The registrant can often speed up this process by approving the transfer through the current registrar, either by clicking a link in an email from the registrar or by visiting the registrar's website. A few minutes after transfer approval, the resource transitions to state `ACTIVE`, indicating that the transfer was successful. If the transfer is rejected or the request expires without being approved, the resource can end up in state `TRANSFER_FAILED`. If transfer fails, you can safely delete the resource and retry the transfer.",
                   "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/registrations:transfer",
                   "httpMethod": "POST",
                   "id": "domains.projects.locations.registrations.transfer",
@@ -779,7 +779,7 @@
       }
     }
   },
-  "revision": "20211019",
+  "revision": "20211108",
   "rootUrl": "https://domains.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -887,7 +887,7 @@
           "description": "Fields of the `ContactSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` would be `\"registrant_contact\"`.",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the registrant contact is being updated, the `update_mask` is `\"registrant_contact\"`.",
           "format": "google-fieldmask",
           "type": "string"
         },
@@ -907,7 +907,7 @@
           "description": "Fields of the `DnsSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` would be `\"custom_dns.name_servers\"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` would be `\"custom_dns\"`. //",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the name servers are being updated for an existing Custom DNS configuration, the `update_mask` is `\"custom_dns.name_servers\"`. When changing the DNS provider from one type to another, pass the new provider's field name as part of the field mask. For example, when changing from a Google Domains DNS configuration to a Custom DNS configuration, the `update_mask` is `\"custom_dns\"`. //",
           "format": "google-fieldmask",
           "type": "string"
         },
@@ -927,7 +927,7 @@
           "description": "Fields of the `ManagementSettings` to update."
         },
         "updateMask": {
-          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` would be `\"transfer_lock_state\"`.",
+          "description": "Required. The field mask describing which fields to update as a comma-separated list. For example, if only the transfer lock is being updated, the `update_mask` is `\"transfer_lock_state\"`.",
           "format": "google-fieldmask",
           "type": "string"
         }
@@ -983,7 +983,7 @@
         },
         "registrantContact": {
           "$ref": "Contact",
-          "description": "Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant will receive an email confirmation that they must complete within 15 days to avoid domain suspension.*"
+          "description": "Required. The registrant contact for the `Registration`. *Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.* *Warning: For new `Registration`s, the registrant receives an email confirmation that they must complete within 15 days to avoid domain suspension.*"
         },
         "technicalContact": {
           "$ref": "Contact",
@@ -1545,7 +1545,7 @@
           "description": "Required. The complete `Registration` resource to be created."
         },
         "validateOnly": {
-          "description": "When true, only validation will be performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation",
+          "description": "When true, only validation is performed, without actually registering the domain. Follows: https://cloud.google.com/apis/design/design_patterns#request_validation",
           "type": "boolean"
         },
         "yearlyPrice": {
@@ -1686,7 +1686,7 @@
         },
         "pendingContactSettings": {
           "$ref": "ContactSettings",
-          "description": "Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not yet been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.",
+          "description": "Output only. Pending contact settings for the `Registration`. Updates to the `contact_settings` field that change its `registrant_contact` or `privacy` fields require email confirmation by the `registrant_contact` before taking effect. This field is set only if there are pending updates to the `contact_settings` that have not been confirmed. To confirm the changes, the `registrant_contact` must follow the instructions in the email they receive.",
           "readOnly": true
         },
         "state": {
@@ -1705,11 +1705,11 @@
             "The state is undefined.",
             "The domain is being registered.",
             "The domain registration failed. You can delete resources in this state to allow registration to be retried.",
-            "Domain transfer from another registrar to Cloud Domains is in progress. The domain's current registrar may require action to complete the transfer. Check emails from the domain's current registrar to the domain's current registrant for instructions.",
-            "The attempt to transfer the domain from another registrar to Cloud Domains failed. You can delete resources in this state to allow transfer to be retried.",
+            "The domain is being transferred from another registrar to Cloud Domains.",
+            "The attempt to transfer the domain from another registrar to Cloud Domains failed. You can delete resources in this state and retry the transfer.",
             "The domain is registered and operational. The domain renews automatically as long as it remains in this state.",
             "The domain is suspended and inoperative. For more details, see the `issues` field.",
-            "The domain is no longer managed with Cloud Domains. It may have been transferred to another registrar or exported for management in [Google Domains](https://domains.google/). You can no longer update it with this API, and information shown about it may be stale. Domains in this state will not be automatically renewed by Cloud Domains."
+            "The domain is no longer managed with Cloud Domains. It may have been transferred to another registrar or exported for management in [Google Domains](https://domains.google/). You can no longer update it with this API, and information shown about it may be stale. Domains in this state are not automatically renewed by Cloud Domains."
           ],
           "readOnly": true,
           "type": "string"
@@ -1875,7 +1875,7 @@
         },
         "registration": {
           "$ref": "Registration",
-          "description": "Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service will not cease upon transfer, as is often the case for DNS services provided for free by the registrar."
+          "description": "Required. The complete `Registration` resource to be created. You can leave `registration.dns_settings` unset to import the domain's current DNS configuration from its current registrar. Use this option only if you are sure that the domain's current DNS service does not cease upon transfer, as is often the case for DNS services provided for free by the registrar."
         },
         "validateOnly": {
           "description": "Validate the request without actually transferring the domain.",
diff --git a/googleapiclient/discovery_cache/documents/domainsrdap.v1.json b/googleapiclient/discovery_cache/documents/domainsrdap.v1.json
index af3372afa88..9bb621cc4a9 100644
--- a/googleapiclient/discovery_cache/documents/domainsrdap.v1.json
+++ b/googleapiclient/discovery_cache/documents/domainsrdap.v1.json
@@ -289,7 +289,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211115",
   "rootUrl": "https://domainsrdap.googleapis.com/",
   "schemas": {
     "HttpBody": {
diff --git a/googleapiclient/discovery_cache/documents/doubleclickbidmanager.v1.1.json b/googleapiclient/discovery_cache/documents/doubleclickbidmanager.v1.1.json
index 1a686340126..eb66d873f8e 100644
--- a/googleapiclient/discovery_cache/documents/doubleclickbidmanager.v1.1.json
+++ b/googleapiclient/discovery_cache/documents/doubleclickbidmanager.v1.1.json
@@ -280,7 +280,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211109",
   "rootUrl": "https://doubleclickbidmanager.googleapis.com/",
   "schemas": {
     "ChannelGrouping": {
@@ -627,7 +627,8 @@
             "FILTER_VERIFICATION_VIDEO_RESIZED",
             "FILTER_VERIFICATION_AUDIBILITY_START",
             "FILTER_VERIFICATION_AUDIBILITY_COMPLETE",
-            "FILTER_MEDIA_TYPE"
+            "FILTER_MEDIA_TYPE",
+            "FILTER_AUDIO_FEED_TYPE_NAME"
           ],
           "enumDescriptions": [
             "",
@@ -920,6 +921,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
@@ -1295,7 +1297,8 @@
               "FILTER_VERIFICATION_VIDEO_RESIZED",
               "FILTER_VERIFICATION_AUDIBILITY_START",
               "FILTER_VERIFICATION_AUDIBILITY_COMPLETE",
-              "FILTER_MEDIA_TYPE"
+              "FILTER_MEDIA_TYPE",
+              "FILTER_AUDIO_FEED_TYPE_NAME"
             ],
             "enumDescriptions": [
               "",
@@ -1588,6 +1591,7 @@
               "",
               "",
               "",
+              "",
               ""
             ],
             "type": "string"
@@ -2973,7 +2977,8 @@
             "FILTER_VERIFICATION_VIDEO_RESIZED",
             "FILTER_VERIFICATION_AUDIBILITY_START",
             "FILTER_VERIFICATION_AUDIBILITY_COMPLETE",
-            "FILTER_MEDIA_TYPE"
+            "FILTER_MEDIA_TYPE",
+            "FILTER_AUDIO_FEED_TYPE_NAME"
           ],
           "enumDescriptions": [
             "",
@@ -3266,6 +3271,7 @@
             "",
             "",
             "",
+            "",
             ""
           ],
           "type": "string"
diff --git a/googleapiclient/discovery_cache/documents/drive.v2.json b/googleapiclient/discovery_cache/documents/drive.v2.json
index 7a8cc147ce1..70e3448b8a0 100644
--- a/googleapiclient/discovery_cache/documents/drive.v2.json
+++ b/googleapiclient/discovery_cache/documents/drive.v2.json
@@ -38,7 +38,7 @@
   "description": "Manages files in Drive including uploading, downloading, searching, detecting changes, and updating sharing permissions.",
   "discoveryVersion": "v1",
   "documentationLink": "https://developers.google.com/drive/",
-  "etag": "\"uWj2hSb4GVjzdDlAnRd2gbM1ZQ8/xSrM5OnwKKjkk4b5S8HK9PftKeE\"",
+  "etag": "\"uWj2hSb4GVjzdDlAnRd2gbM1ZQ8/pn3tMSB3LS6NRa0yw4Nrtvl7Ntw\"",
   "icons": {
     "x16": "https://ssl.gstatic.com/docs/doclist/images/drive_icon_16.png",
     "x32": "https://ssl.gstatic.com/docs/doclist/images/drive_icon_32.png"
@@ -3527,7 +3527,7 @@
       }
     }
   },
-  "revision": "20211031",
+  "revision": "20211107",
   "rootUrl": "https://www.googleapis.com/",
   "schemas": {
     "About": {
@@ -4636,6 +4636,10 @@
         "capabilities": {
           "description": "Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.",
           "properties": {
+            "canAcceptOwnership": {
+              "description": "Whether the current user is the pending owner of the file. Not populated for shared drive files.",
+              "type": "boolean"
+            },
             "canAddChildren": {
               "description": "Whether the current user can add children to this folder. This is always false when the item is not a folder.",
               "type": "boolean"
@@ -5462,6 +5466,10 @@
           "description": "The name for this permission.",
           "type": "string"
         },
+        "pendingOwner": {
+          "description": "Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.",
+          "type": "boolean"
+        },
         "permissionDetails": {
           "description": "Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.",
           "items": {
diff --git a/googleapiclient/discovery_cache/documents/drive.v3.json b/googleapiclient/discovery_cache/documents/drive.v3.json
index c3f4ce7c8dc..9ff9970e438 100644
--- a/googleapiclient/discovery_cache/documents/drive.v3.json
+++ b/googleapiclient/discovery_cache/documents/drive.v3.json
@@ -35,7 +35,7 @@
   "description": "Manages files in Drive including uploading, downloading, searching, detecting changes, and updating sharing permissions.",
   "discoveryVersion": "v1",
   "documentationLink": "https://developers.google.com/drive/",
-  "etag": "\"uWj2hSb4GVjzdDlAnRd2gbM1ZQ8/TU31L27HR38iA79HobOlG0UENLk\"",
+  "etag": "\"uWj2hSb4GVjzdDlAnRd2gbM1ZQ8/3L2-ftVV1NI_CCCp6E1Po43Fp3U\"",
   "icons": {
     "x16": "https://ssl.gstatic.com/docs/doclist/images/drive_icon_16.png",
     "x32": "https://ssl.gstatic.com/docs/doclist/images/drive_icon_32.png"
@@ -2191,7 +2191,7 @@
       }
     }
   },
-  "revision": "20211031",
+  "revision": "20211107",
   "rootUrl": "https://www.googleapis.com/",
   "schemas": {
     "About": {
@@ -2794,6 +2794,10 @@
         "capabilities": {
           "description": "Capabilities the current user has on this file. Each capability corresponds to a fine-grained action that a user may take.",
           "properties": {
+            "canAcceptOwnership": {
+              "description": "Whether the current user is the pending owner of the file. Not populated for shared drive files.",
+              "type": "boolean"
+            },
             "canAddChildren": {
               "description": "Whether the current user can add children to this folder. This is always false when the item is not a folder.",
               "type": "boolean"
@@ -3468,6 +3472,10 @@
           "description": "Identifies what kind of resource this is. Value: the fixed string \"drive#permission\".",
           "type": "string"
         },
+        "pendingOwner": {
+          "description": "Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.",
+          "type": "boolean"
+        },
         "permissionDetails": {
           "description": "Details of whether the permissions on this shared drive item are inherited or directly on this item. This is an output-only field which is present only for shared drive items.",
           "items": {
diff --git a/googleapiclient/discovery_cache/documents/driveactivity.v2.json b/googleapiclient/discovery_cache/documents/driveactivity.v2.json
index 6c2438203d1..a4be566cbe2 100644
--- a/googleapiclient/discovery_cache/documents/driveactivity.v2.json
+++ b/googleapiclient/discovery_cache/documents/driveactivity.v2.json
@@ -132,7 +132,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211110",
   "rootUrl": "https://driveactivity.googleapis.com/",
   "schemas": {
     "Action": {
diff --git a/googleapiclient/discovery_cache/documents/essentialcontacts.v1.json b/googleapiclient/discovery_cache/documents/essentialcontacts.v1.json
index 3b38070dcba..7ca1ce5ed45 100644
--- a/googleapiclient/discovery_cache/documents/essentialcontacts.v1.json
+++ b/googleapiclient/discovery_cache/documents/essentialcontacts.v1.json
@@ -850,7 +850,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://essentialcontacts.googleapis.com/",
   "schemas": {
     "GoogleCloudEssentialcontactsV1ComputeContactsResponse": {
diff --git a/googleapiclient/discovery_cache/documents/eventarc.v1.json b/googleapiclient/discovery_cache/documents/eventarc.v1.json
index 1110cbed674..8fcd80d3322 100644
--- a/googleapiclient/discovery_cache/documents/eventarc.v1.json
+++ b/googleapiclient/discovery_cache/documents/eventarc.v1.json
@@ -189,7 +189,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -506,7 +506,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -675,7 +675,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://eventarc.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/eventarc.v1beta1.json b/googleapiclient/discovery_cache/documents/eventarc.v1beta1.json
index 334a70b8cab..c72adcd4c17 100644
--- a/googleapiclient/discovery_cache/documents/eventarc.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/eventarc.v1beta1.json
@@ -415,7 +415,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -584,7 +584,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://eventarc.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/factchecktools.v1alpha1.json b/googleapiclient/discovery_cache/documents/factchecktools.v1alpha1.json
index 237a62200dc..b0faca1d953 100644
--- a/googleapiclient/discovery_cache/documents/factchecktools.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/factchecktools.v1alpha1.json
@@ -304,7 +304,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://factchecktools.googleapis.com/",
   "schemas": {
     "GoogleFactcheckingFactchecktoolsV1alpha1Claim": {
diff --git a/googleapiclient/discovery_cache/documents/fcmdata.v1beta1.json b/googleapiclient/discovery_cache/documents/fcmdata.v1beta1.json
index c5147a6ec5c..3ea783a21a4 100644
--- a/googleapiclient/discovery_cache/documents/fcmdata.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/fcmdata.v1beta1.json
@@ -154,7 +154,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://fcmdata.googleapis.com/",
   "schemas": {
     "GoogleFirebaseFcmDataV1beta1AndroidDeliveryData": {
diff --git a/googleapiclient/discovery_cache/documents/file.v1.json b/googleapiclient/discovery_cache/documents/file.v1.json
index 6d2c5801d41..2814d6844ff 100644
--- a/googleapiclient/discovery_cache/documents/file.v1.json
+++ b/googleapiclient/discovery_cache/documents/file.v1.json
@@ -393,6 +393,11 @@
                     "name"
                   ],
                   "parameters": {
+                    "force": {
+                      "description": "If set to true, all snapshots of the instance will also be deleted. (Otherwise, the request will only work if the instance has no snapshots.)",
+                      "location": "query",
+                      "type": "boolean"
+                    },
                     "name": {
                       "description": "Required. The instance resource name, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}`",
                       "location": "path",
@@ -542,6 +547,175 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 }
+              },
+              "resources": {
+                "snapshots": {
+                  "methods": {
+                    "create": {
+                      "description": "Creates a snapshot.",
+                      "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}/snapshots",
+                      "httpMethod": "POST",
+                      "id": "file.projects.locations.instances.snapshots.create",
+                      "parameterOrder": [
+                        "parent"
+                      ],
+                      "parameters": {
+                        "parent": {
+                          "description": "Required. The Filestore Instance to create the snapshots of, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}`",
+                          "location": "path",
+                          "pattern": "^projects/[^/]+/locations/[^/]+/instances/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        },
+                        "snapshotId": {
+                          "description": "Required. The ID to use for the snapshot. The ID must be unique within the specified instance. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens, and cannot end with a hyphen.",
+                          "location": "query",
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+parent}/snapshots",
+                      "request": {
+                        "$ref": "Snapshot"
+                      },
+                      "response": {
+                        "$ref": "Operation"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    },
+                    "delete": {
+                      "description": "Deletes a snapshot.",
+                      "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}/snapshots/{snapshotsId}",
+                      "httpMethod": "DELETE",
+                      "id": "file.projects.locations.instances.snapshots.delete",
+                      "parameterOrder": [
+                        "name"
+                      ],
+                      "parameters": {
+                        "name": {
+                          "description": "Required. The snapshot resource name, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}/snapshots/{snapshot_id}`",
+                          "location": "path",
+                          "pattern": "^projects/[^/]+/locations/[^/]+/instances/[^/]+/snapshots/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+name}",
+                      "response": {
+                        "$ref": "Operation"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    },
+                    "get": {
+                      "description": "Gets the details of a specific snapshot.",
+                      "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}/snapshots/{snapshotsId}",
+                      "httpMethod": "GET",
+                      "id": "file.projects.locations.instances.snapshots.get",
+                      "parameterOrder": [
+                        "name"
+                      ],
+                      "parameters": {
+                        "name": {
+                          "description": "Required. The snapshot resource name, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}/snapshots/{snapshot_id}`",
+                          "location": "path",
+                          "pattern": "^projects/[^/]+/locations/[^/]+/instances/[^/]+/snapshots/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+name}",
+                      "response": {
+                        "$ref": "Snapshot"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    },
+                    "list": {
+                      "description": "Lists all snapshots in a project for either a specified location or for all locations.",
+                      "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}/snapshots",
+                      "httpMethod": "GET",
+                      "id": "file.projects.locations.instances.snapshots.list",
+                      "parameterOrder": [
+                        "parent"
+                      ],
+                      "parameters": {
+                        "filter": {
+                          "description": "List filter.",
+                          "location": "query",
+                          "type": "string"
+                        },
+                        "orderBy": {
+                          "description": "Sort results. Supported values are \"name\", \"name desc\" or \"\" (unsorted).",
+                          "location": "query",
+                          "type": "string"
+                        },
+                        "pageSize": {
+                          "description": "The maximum number of items to return.",
+                          "format": "int32",
+                          "location": "query",
+                          "type": "integer"
+                        },
+                        "pageToken": {
+                          "description": "The next_page_token value to use if there are additional results to retrieve for this list request.",
+                          "location": "query",
+                          "type": "string"
+                        },
+                        "parent": {
+                          "description": "Required. The instance for which to retrieve snapshot information, in the format `projects/{project_id}/locations/{location}/instances/{instance_id}`.",
+                          "location": "path",
+                          "pattern": "^projects/[^/]+/locations/[^/]+/instances/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+parent}/snapshots",
+                      "response": {
+                        "$ref": "ListSnapshotsResponse"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    },
+                    "patch": {
+                      "description": "Updates the settings of a specific snapshot.",
+                      "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}/snapshots/{snapshotsId}",
+                      "httpMethod": "PATCH",
+                      "id": "file.projects.locations.instances.snapshots.patch",
+                      "parameterOrder": [
+                        "name"
+                      ],
+                      "parameters": {
+                        "name": {
+                          "description": "Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`.",
+                          "location": "path",
+                          "pattern": "^projects/[^/]+/locations/[^/]+/instances/[^/]+/snapshots/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        },
+                        "updateMask": {
+                          "description": "Required. Mask of fields to update. At least one path must be supplied in this field.",
+                          "format": "google-fieldmask",
+                          "location": "query",
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+name}",
+                      "request": {
+                        "$ref": "Snapshot"
+                      },
+                      "response": {
+                        "$ref": "Operation"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    }
+                  }
+                }
               }
             },
             "operations": {
@@ -672,7 +846,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://file.googleapis.com/",
   "schemas": {
     "Backup": {
@@ -734,7 +908,8 @@
             "PREMIUM",
             "BASIC_HDD",
             "BASIC_SSD",
-            "HIGH_SCALE_SSD"
+            "HIGH_SCALE_SSD",
+            "ENTERPRISE"
           ],
           "enumDescriptions": [
             "Not set.",
@@ -742,7 +917,8 @@
             "PREMIUM tier.",
             "BASIC instances offer a maximum capacity of 63.9 TB. BASIC_HDD is an alias for STANDARD Tier, offering economical performance backed by HDD.",
             "BASIC instances offer a maximum capacity of 63.9 TB. BASIC_SSD is an alias for PREMIUM Tier, and offers improved performance backed by SSD.",
-            "HIGH_SCALE instances offer expanded capacity and performance scaling capabilities."
+            "HIGH_SCALE instances offer expanded capacity and performance scaling capabilities.",
+            "ENTERPRISE instances offer the features and availability needed for mission-critical workloads."
           ],
           "readOnly": true,
           "type": "string"
@@ -1144,6 +1320,10 @@
           },
           "type": "array"
         },
+        "kmsKeyName": {
+          "description": "KMS key name used for data encryption.",
+          "type": "string"
+        },
         "labels": {
           "additionalProperties": {
             "type": "string"
@@ -1177,7 +1357,8 @@
             "REPAIRING",
             "DELETING",
             "ERROR",
-            "RESTORING"
+            "RESTORING",
+            "SUSPENDED"
           ],
           "enumDescriptions": [
             "State not set.",
@@ -1186,7 +1367,8 @@
             "Work is being done on the instance. You can get further details from the `statusMessage` field of the `Instance` resource.",
             "The instance is shutting down.",
             "The instance is experiencing an issue and might be unusable. You can get further details from the `statusMessage` field of the `Instance` resource.",
-            "The instance is restoring a backup to an existing file share and may be unusable during this time."
+            "The instance is restoring a backup to an existing file share and may be unusable during this time.",
+            "The instance is suspended. You can get further details from the `suspension_reasons` field of the `Instance` resource."
           ],
           "readOnly": true,
           "type": "string"
@@ -1196,6 +1378,22 @@
           "readOnly": true,
           "type": "string"
         },
+        "suspensionReasons": {
+          "description": "Output only. field indicates all the reasons the instance is in \"SUSPENDED\" state.",
+          "items": {
+            "enum": [
+              "SUSPENSION_REASON_UNSPECIFIED",
+              "KMS_KEY_ISSUE"
+            ],
+            "enumDescriptions": [
+              "Not set.",
+              "The KMS key used by the instance is either revoked or denied access to."
+            ],
+            "type": "string"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
         "tier": {
           "description": "The service tier of the instance.",
           "enum": [
@@ -1204,7 +1402,8 @@
             "PREMIUM",
             "BASIC_HDD",
             "BASIC_SSD",
-            "HIGH_SCALE_SSD"
+            "HIGH_SCALE_SSD",
+            "ENTERPRISE"
           ],
           "enumDescriptions": [
             "Not set.",
@@ -1212,7 +1411,8 @@
             "PREMIUM tier.",
             "BASIC instances offer a maximum capacity of 63.9 TB. BASIC_HDD is an alias for STANDARD Tier, offering economical performance backed by HDD.",
             "BASIC instances offer a maximum capacity of 63.9 TB. BASIC_SSD is an alias for PREMIUM Tier, and offers improved performance backed by SSD.",
-            "HIGH_SCALE instances offer expanded capacity and performance scaling capabilities."
+            "HIGH_SCALE instances offer expanded capacity and performance scaling capabilities.",
+            "ENTERPRISE instances offer the features and availability needed for mission-critical workloads."
           ],
           "type": "string"
         }
@@ -1305,6 +1505,24 @@
       },
       "type": "object"
     },
+    "ListSnapshotsResponse": {
+      "description": "ListSnapshotsResponse is the result of ListSnapshotsRequest.",
+      "id": "ListSnapshotsResponse",
+      "properties": {
+        "nextPageToken": {
+          "description": "The token you can use to retrieve the next page of results. Not returned if there are no more results in the list.",
+          "type": "string"
+        },
+        "snapshots": {
+          "description": "A list of snapshots in the project for the specified instance.",
+          "items": {
+            "$ref": "Snapshot"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "Location": {
       "description": "A resource that represents Google Cloud Platform location.",
       "id": "Location",
@@ -1408,6 +1626,20 @@
       "description": "Network configuration for the instance.",
       "id": "NetworkConfig",
       "properties": {
+        "connectMode": {
+          "description": "The network connect mode of the Filestore instance. If not provided, the connect mode defaults to DIRECT_PEERING.",
+          "enum": [
+            "CONNECT_MODE_UNSPECIFIED",
+            "DIRECT_PEERING",
+            "PRIVATE_SERVICE_ACCESS"
+          ],
+          "enumDescriptions": [
+            "Not set.",
+            "Connect via direct peering to the Filestore service.",
+            "Connect to your Filestore instance using Private Service Access. Private services access provides an IP address range for multiple Google Cloud services, including Filestore."
+          ],
+          "type": "string"
+        },
         "ipAddresses": {
           "description": "Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`.",
           "items": {
@@ -1436,7 +1668,7 @@
           "type": "string"
         },
         "reservedIpRange": {
-          "description": "A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.",
+          "description": "Optional, reserved_ip_range can have one of the following two types of values. * CIDR range value when using DIRECT_PEERING connect mode. * [Allocated IP address range](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address) when using PRIVATE_SERVICE_ACCESS connect mode. When the name of an allocated IP address range is specified, it must be one of the ranges associated with the private service access connection. When specified as a direct CIDR value, it must be a /29 CIDR block for Basic tier or a /24 CIDR block for High Scale or Enterprise tier in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/24. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.",
           "type": "string"
         }
       },
@@ -1628,6 +1860,58 @@
       },
       "type": "object"
     },
+    "Snapshot": {
+      "description": "A Filestore snapshot.",
+      "id": "Snapshot",
+      "properties": {
+        "createTime": {
+          "description": "Output only. The time when the snapshot was created.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "description": {
+          "description": "A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.",
+          "type": "string"
+        },
+        "filesystemUsedBytes": {
+          "description": "Output only. The amount of bytes needed to allocate a full copy of the snapshot content",
+          "format": "int64",
+          "readOnly": true,
+          "type": "string"
+        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Resource labels to represent user provided metadata.",
+          "type": "object"
+        },
+        "name": {
+          "description": "Output only. The resource name of the snapshot, in the format `projects/{project_id}/locations/{location_id}/instances/{instance_id}/snapshots/{snapshot_id}`.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "state": {
+          "description": "Output only. The snapshot state.",
+          "enum": [
+            "STATE_UNSPECIFIED",
+            "CREATING",
+            "READY",
+            "DELETING"
+          ],
+          "enumDescriptions": [
+            "State not set.",
+            "Snapshot is being created.",
+            "Snapshot is available for use.",
+            "Snapshot is being deleted."
+          ],
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Status": {
       "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
       "id": "Status",
diff --git a/googleapiclient/discovery_cache/documents/file.v1beta1.json b/googleapiclient/discovery_cache/documents/file.v1beta1.json
index 8dc05cf6c9b..5bf49ba40e4 100644
--- a/googleapiclient/discovery_cache/documents/file.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/file.v1beta1.json
@@ -874,7 +874,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://file.googleapis.com/",
   "schemas": {
     "Backup": {
diff --git a/googleapiclient/discovery_cache/documents/firebase.v1beta1.json b/googleapiclient/discovery_cache/documents/firebase.v1beta1.json
index 65430022d1c..55f7aaa9d59 100644
--- a/googleapiclient/discovery_cache/documents/firebase.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/firebase.v1beta1.json
@@ -1121,7 +1121,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://firebase.googleapis.com/",
   "schemas": {
     "AddFirebaseRequest": {
diff --git a/googleapiclient/discovery_cache/documents/firebasedatabase.v1beta.json b/googleapiclient/discovery_cache/documents/firebasedatabase.v1beta.json
index 5c2fcf4c9f4..a68e4ead27d 100644
--- a/googleapiclient/discovery_cache/documents/firebasedatabase.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/firebasedatabase.v1beta.json
@@ -317,7 +317,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://firebasedatabase.googleapis.com/",
   "schemas": {
     "DatabaseInstance": {
diff --git a/googleapiclient/discovery_cache/documents/firebasedynamiclinks.v1.json b/googleapiclient/discovery_cache/documents/firebasedynamiclinks.v1.json
index c7c7f73e531..7d491fa3784 100644
--- a/googleapiclient/discovery_cache/documents/firebasedynamiclinks.v1.json
+++ b/googleapiclient/discovery_cache/documents/firebasedynamiclinks.v1.json
@@ -224,7 +224,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211112",
   "rootUrl": "https://firebasedynamiclinks.googleapis.com/",
   "schemas": {
     "AnalyticsInfo": {
@@ -817,7 +817,7 @@
       "id": "GooglePlayAnalytics",
       "properties": {
         "gclid": {
-          "description": "[AdWords autotagging parameter](https://support.google.com/analytics/answer/1033981?hl=en); used to measure Google AdWords ads. This value is generated dynamically and should never be modified.",
+          "description": "Deprecated; FDL SDK does not process nor log it.",
           "type": "string"
         },
         "utmCampaign": {
diff --git a/googleapiclient/discovery_cache/documents/firebaseml.v1.json b/googleapiclient/discovery_cache/documents/firebaseml.v1.json
index c3f318f74f4..3ae23c52163 100644
--- a/googleapiclient/discovery_cache/documents/firebaseml.v1.json
+++ b/googleapiclient/discovery_cache/documents/firebaseml.v1.json
@@ -204,7 +204,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211110",
   "rootUrl": "https://firebaseml.googleapis.com/",
   "schemas": {
     "CancelOperationRequest": {
diff --git a/googleapiclient/discovery_cache/documents/firebaseml.v1beta2.json b/googleapiclient/discovery_cache/documents/firebaseml.v1beta2.json
index fdbc2f159a4..4cd61e7bf44 100644
--- a/googleapiclient/discovery_cache/documents/firebaseml.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/firebaseml.v1beta2.json
@@ -318,7 +318,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211110",
   "rootUrl": "https://firebaseml.googleapis.com/",
   "schemas": {
     "DownloadModelResponse": {
diff --git a/googleapiclient/discovery_cache/documents/firebasestorage.v1beta.json b/googleapiclient/discovery_cache/documents/firebasestorage.v1beta.json
index ee6d6e6ca26..1e53f8c682f 100644
--- a/googleapiclient/discovery_cache/documents/firebasestorage.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/firebasestorage.v1beta.json
@@ -238,7 +238,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211108",
   "rootUrl": "https://firebasestorage.googleapis.com/",
   "schemas": {
     "AddFirebaseRequest": {
diff --git a/googleapiclient/discovery_cache/documents/firestore.v1.json b/googleapiclient/discovery_cache/documents/firestore.v1.json
index ff9ffad91a3..f8bb2f80960 100644
--- a/googleapiclient/discovery_cache/documents/firestore.v1.json
+++ b/googleapiclient/discovery_cache/documents/firestore.v1.json
@@ -1247,7 +1247,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211029",
   "rootUrl": "https://firestore.googleapis.com/",
   "schemas": {
     "ArrayValue": {
diff --git a/googleapiclient/discovery_cache/documents/firestore.v1beta1.json b/googleapiclient/discovery_cache/documents/firestore.v1beta1.json
index 397da1def83..358e3a11a88 100644
--- a/googleapiclient/discovery_cache/documents/firestore.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/firestore.v1beta1.json
@@ -849,7 +849,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211029",
   "rootUrl": "https://firestore.googleapis.com/",
   "schemas": {
     "ArrayValue": {
diff --git a/googleapiclient/discovery_cache/documents/firestore.v1beta2.json b/googleapiclient/discovery_cache/documents/firestore.v1beta2.json
index 6ae0d406070..6d082a74657 100644
--- a/googleapiclient/discovery_cache/documents/firestore.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/firestore.v1beta2.json
@@ -415,7 +415,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211029",
   "rootUrl": "https://firestore.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/fitness.v1.json b/googleapiclient/discovery_cache/documents/fitness.v1.json
index da979061d3d..dc769e665f6 100644
--- a/googleapiclient/discovery_cache/documents/fitness.v1.json
+++ b/googleapiclient/discovery_cache/documents/fitness.v1.json
@@ -831,7 +831,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211110",
   "rootUrl": "https://fitness.googleapis.com/",
   "schemas": {
     "AggregateBucket": {
diff --git a/googleapiclient/discovery_cache/documents/games.v1.json b/googleapiclient/discovery_cache/documents/games.v1.json
index 8b3ef525ae1..b7d7f0702c0 100644
--- a/googleapiclient/discovery_cache/documents/games.v1.json
+++ b/googleapiclient/discovery_cache/documents/games.v1.json
@@ -1224,7 +1224,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211111",
   "rootUrl": "https://games.googleapis.com/",
   "schemas": {
     "AchievementDefinition": {
diff --git a/googleapiclient/discovery_cache/documents/gamesConfiguration.v1configuration.json b/googleapiclient/discovery_cache/documents/gamesConfiguration.v1configuration.json
index 9d720bc050b..e7910417cb9 100644
--- a/googleapiclient/discovery_cache/documents/gamesConfiguration.v1configuration.json
+++ b/googleapiclient/discovery_cache/documents/gamesConfiguration.v1configuration.json
@@ -439,7 +439,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211111",
   "rootUrl": "https://gamesconfiguration.googleapis.com/",
   "schemas": {
     "AchievementConfiguration": {
diff --git a/googleapiclient/discovery_cache/documents/gamesManagement.v1management.json b/googleapiclient/discovery_cache/documents/gamesManagement.v1management.json
index 9a076cf5c2d..382b074cea8 100644
--- a/googleapiclient/discovery_cache/documents/gamesManagement.v1management.json
+++ b/googleapiclient/discovery_cache/documents/gamesManagement.v1management.json
@@ -471,7 +471,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211111",
   "rootUrl": "https://gamesmanagement.googleapis.com/",
   "schemas": {
     "AchievementResetAllResponse": {
diff --git a/googleapiclient/discovery_cache/documents/gameservices.v1.json b/googleapiclient/discovery_cache/documents/gameservices.v1.json
index aa2f60b470e..80b858d5456 100644
--- a/googleapiclient/discovery_cache/documents/gameservices.v1.json
+++ b/googleapiclient/discovery_cache/documents/gameservices.v1.json
@@ -305,7 +305,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -1357,7 +1357,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211103",
   "rootUrl": "https://gameservices.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -2681,7 +2681,7 @@
       "type": "object"
     },
     "Schedule": {
-      "description": "The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration",
+      "description": "The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```",
       "id": "Schedule",
       "properties": {
         "cronJobDuration": {
diff --git a/googleapiclient/discovery_cache/documents/gameservices.v1beta.json b/googleapiclient/discovery_cache/documents/gameservices.v1beta.json
index 9d8883fcbbd..c74448a5002 100644
--- a/googleapiclient/discovery_cache/documents/gameservices.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/gameservices.v1beta.json
@@ -305,7 +305,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -1357,7 +1357,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211103",
   "rootUrl": "https://gameservices.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -2714,7 +2714,7 @@
       "type": "object"
     },
     "Schedule": {
-      "description": "The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration",
+      "description": "The schedule of a recurring or one time event. The event's time span is specified by start_time and end_time. If the scheduled event's timespan is larger than the cron_spec + cron_job_duration, the event will be recurring. If only cron_spec + cron_job_duration are specified, the event is effective starting at the local time specified by cron_spec, and is recurring. ``` start_time|-------[cron job]-------[cron job]-------[cron job]---|end_time cron job: cron spec start time + duration ```",
       "id": "Schedule",
       "properties": {
         "cronJobDuration": {
diff --git a/googleapiclient/discovery_cache/documents/genomics.v2alpha1.json b/googleapiclient/discovery_cache/documents/genomics.v2alpha1.json
index 84799f35df0..e43fb6f1936 100644
--- a/googleapiclient/discovery_cache/documents/genomics.v2alpha1.json
+++ b/googleapiclient/discovery_cache/documents/genomics.v2alpha1.json
@@ -301,7 +301,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://genomics.googleapis.com/",
   "schemas": {
     "Accelerator": {
diff --git a/googleapiclient/discovery_cache/documents/gkehub.v1.json b/googleapiclient/discovery_cache/documents/gkehub.v1.json
index 8ef959b223b..1789c402ea6 100644
--- a/googleapiclient/discovery_cache/documents/gkehub.v1.json
+++ b/googleapiclient/discovery_cache/documents/gkehub.v1.json
@@ -287,7 +287,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -613,7 +613,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -905,7 +905,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://gkehub.googleapis.com/",
   "schemas": {
     "AppDevExperienceFeatureSpec": {
@@ -1070,6 +1070,10 @@
           "$ref": "ConfigManagementGitConfig",
           "description": "Git repo configuration for the cluster."
         },
+        "preventDrift": {
+          "description": "Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.",
+          "type": "boolean"
+        },
         "sourceFormat": {
           "description": "Specifies whether the Config Sync Repo is in \u201chierarchical\u201d or \u201cunstructured\u201d mode.",
           "type": "string"
@@ -1329,7 +1333,7 @@
           "type": "string"
         },
         "secretType": {
-          "description": "Type of secret configured for access to the Git repo.",
+          "description": "Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.",
           "type": "string"
         },
         "syncBranch": {
@@ -1967,6 +1971,37 @@
       },
       "type": "object"
     },
+    "KubernetesResource": {
+      "description": "KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.",
+      "id": "KubernetesResource",
+      "properties": {
+        "connectResources": {
+          "description": "Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.",
+          "items": {
+            "$ref": "ResourceManifest"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "membershipCrManifest": {
+          "description": "Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.",
+          "type": "string"
+        },
+        "membershipResources": {
+          "description": "Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.",
+          "items": {
+            "$ref": "ResourceManifest"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "resourceOptions": {
+          "$ref": "ResourceOptions",
+          "description": "Optional. Options for Kubernetes resource generation."
+        }
+      },
+      "type": "object"
+    },
     "ListFeaturesResponse": {
       "description": "Response message for the `GkeHub.ListFeatures` method.",
       "id": "ListFeaturesResponse",
@@ -2163,6 +2198,10 @@
           "description": "Output only. Useful Kubernetes-specific metadata.",
           "readOnly": true
         },
+        "kubernetesResource": {
+          "$ref": "KubernetesResource",
+          "description": "Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features."
+        },
         "multiCloudCluster": {
           "$ref": "MultiCloudCluster",
           "description": "Optional. Specific information for a GKE Multi-Cloud cluster."
@@ -2389,6 +2428,36 @@
       },
       "type": "object"
     },
+    "ResourceManifest": {
+      "description": "ResourceManifest represents a single Kubernetes resource to be applied to the cluster.",
+      "id": "ResourceManifest",
+      "properties": {
+        "clusterScoped": {
+          "description": "Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.",
+          "type": "boolean"
+        },
+        "manifest": {
+          "description": "YAML manifest of the resource.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ResourceOptions": {
+      "description": "ResourceOptions represent options for Kubernetes resource generation.",
+      "id": "ResourceOptions",
+      "properties": {
+        "connectVersion": {
+          "description": "Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.",
+          "type": "string"
+        },
+        "v1beta1Crd": {
+          "description": "Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "SetIamPolicyRequest": {
       "description": "Request message for `SetIamPolicy` method.",
       "id": "SetIamPolicyRequest",
diff --git a/googleapiclient/discovery_cache/documents/gkehub.v1alpha.json b/googleapiclient/discovery_cache/documents/gkehub.v1alpha.json
index 01929c3a56e..ba18da280d5 100644
--- a/googleapiclient/discovery_cache/documents/gkehub.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/gkehub.v1alpha.json
@@ -287,7 +287,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -613,7 +613,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -951,7 +951,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://gkehub.googleapis.com/",
   "schemas": {
     "AppDevExperienceFeatureSpec": {
@@ -1187,6 +1187,10 @@
           "$ref": "ConfigManagementGitConfig",
           "description": "Git repo configuration for the cluster."
         },
+        "preventDrift": {
+          "description": "Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.",
+          "type": "boolean"
+        },
         "sourceFormat": {
           "description": "Specifies whether the Config Sync Repo is in \u201chierarchical\u201d or \u201cunstructured\u201d mode.",
           "type": "string"
@@ -1462,7 +1466,7 @@
           "type": "string"
         },
         "secretType": {
-          "description": "Type of secret configured for access to the Git repo.",
+          "description": "Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.",
           "type": "string"
         },
         "syncBranch": {
@@ -2229,6 +2233,37 @@
       },
       "type": "object"
     },
+    "KubernetesResource": {
+      "description": "KubernetesResource contains the YAML manifests and configuration for Membership Kubernetes resources in the cluster. After CreateMembership or UpdateMembership, these resources should be re-applied in the cluster.",
+      "id": "KubernetesResource",
+      "properties": {
+        "connectResources": {
+          "description": "Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.",
+          "items": {
+            "$ref": "ResourceManifest"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "membershipCrManifest": {
+          "description": "Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.",
+          "type": "string"
+        },
+        "membershipResources": {
+          "description": "Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.",
+          "items": {
+            "$ref": "ResourceManifest"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "resourceOptions": {
+          "$ref": "ResourceOptions",
+          "description": "Optional. Options for Kubernetes resource generation."
+        }
+      },
+      "type": "object"
+    },
     "ListAdminClusterMembershipsResponse": {
       "description": "Response message for the `GkeHub.ListAdminClusterMemberships` method.",
       "id": "ListAdminClusterMembershipsResponse",
@@ -2450,6 +2485,10 @@
           "description": "Output only. Useful Kubernetes-specific metadata.",
           "readOnly": true
         },
+        "kubernetesResource": {
+          "$ref": "KubernetesResource",
+          "description": "Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features."
+        },
         "multiCloudCluster": {
           "$ref": "MultiCloudCluster",
           "description": "Optional. Specific information for a GKE Multi-Cloud cluster."
@@ -2727,6 +2766,36 @@
       },
       "type": "object"
     },
+    "ResourceManifest": {
+      "description": "ResourceManifest represents a single Kubernetes resource to be applied to the cluster.",
+      "id": "ResourceManifest",
+      "properties": {
+        "clusterScoped": {
+          "description": "Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.",
+          "type": "boolean"
+        },
+        "manifest": {
+          "description": "YAML manifest of the resource.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ResourceOptions": {
+      "description": "ResourceOptions represent options for Kubernetes resource generation.",
+      "id": "ResourceOptions",
+      "properties": {
+        "connectVersion": {
+          "description": "Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.",
+          "type": "string"
+        },
+        "v1beta1Crd": {
+          "description": "Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "ServiceMeshAnalysisMessage": {
       "description": "AnalysisMessage is a single message produced by an analyzer, and it used to communicate to the end user about the state of their Service Mesh configuration.",
       "id": "ServiceMeshAnalysisMessage",
diff --git a/googleapiclient/discovery_cache/documents/gkehub.v1alpha2.json b/googleapiclient/discovery_cache/documents/gkehub.v1alpha2.json
index 8b1aa21f3c5..cce6ad01f01 100644
--- a/googleapiclient/discovery_cache/documents/gkehub.v1alpha2.json
+++ b/googleapiclient/discovery_cache/documents/gkehub.v1alpha2.json
@@ -365,7 +365,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -652,7 +652,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://gkehub.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/gkehub.v1beta.json b/googleapiclient/discovery_cache/documents/gkehub.v1beta.json
index 8e7c118fb09..8f7e4c1f21e 100644
--- a/googleapiclient/discovery_cache/documents/gkehub.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/gkehub.v1beta.json
@@ -287,7 +287,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -463,7 +463,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -670,7 +670,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://gkehub.googleapis.com/",
   "schemas": {
     "AppDevExperienceFeatureSpec": {
@@ -858,6 +858,10 @@
           "$ref": "ConfigManagementGitConfig",
           "description": "Git repo configuration for the cluster."
         },
+        "preventDrift": {
+          "description": "Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.",
+          "type": "boolean"
+        },
         "sourceFormat": {
           "description": "Specifies whether the Config Sync Repo is in \u201chierarchical\u201d or \u201cunstructured\u201d mode.",
           "type": "string"
@@ -1117,7 +1121,7 @@
           "type": "string"
         },
         "secretType": {
-          "description": "Type of secret configured for access to the Git repo.",
+          "description": "Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required.",
           "type": "string"
         },
         "syncBranch": {
diff --git a/googleapiclient/discovery_cache/documents/gkehub.v1beta1.json b/googleapiclient/discovery_cache/documents/gkehub.v1beta1.json
index 04608d9a878..7cef9821574 100644
--- a/googleapiclient/discovery_cache/documents/gkehub.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/gkehub.v1beta1.json
@@ -379,7 +379,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -706,7 +706,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://gkehub.googleapis.com/",
   "schemas": {
     "AuditConfig": {
diff --git a/googleapiclient/discovery_cache/documents/gmail.v1.json b/googleapiclient/discovery_cache/documents/gmail.v1.json
index bb41cfa4542..c5c394251ef 100644
--- a/googleapiclient/discovery_cache/documents/gmail.v1.json
+++ b/googleapiclient/discovery_cache/documents/gmail.v1.json
@@ -945,7 +945,7 @@
               ]
             },
             "import": {
-              "description": "Imports a message into only this user's mailbox, with standard email delivery scanning and classification similar to receiving via SMTP. Does not send a message. Note: This function doesn't trigger forwarding rules or filters set up by the user.",
+              "description": "Imports a message into only this user's mailbox, with standard email delivery scanning and classification similar to receiving via SMTP. This method doesn't perform SPF checks, so it might not work for some spam messages, such as those attempting to perform domain spoofing. This method does not send a message. Note: This function doesn't trigger forwarding rules or filters set up by the user.",
               "flatPath": "gmail/v1/users/{userId}/messages/import",
               "httpMethod": "POST",
               "id": "gmail.users.messages.import",
@@ -2682,7 +2682,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211108",
   "rootUrl": "https://gmail.googleapis.com/",
   "schemas": {
     "AutoForwarding": {
diff --git a/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1.json b/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1.json
index 30261ce49cb..14933043ccd 100644
--- a/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1.json
+++ b/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1.json
@@ -265,7 +265,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://gmailpostmastertools.googleapis.com/",
   "schemas": {
     "DeliveryError": {
diff --git a/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1beta1.json b/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1beta1.json
index d6fe2e52b9e..85ba0e3c103 100644
--- a/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/gmailpostmastertools.v1beta1.json
@@ -265,7 +265,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://gmailpostmastertools.googleapis.com/",
   "schemas": {
     "DeliveryError": {
diff --git a/googleapiclient/discovery_cache/documents/groupsmigration.v1.json b/googleapiclient/discovery_cache/documents/groupsmigration.v1.json
index a66d7b40548..378b7c388eb 100644
--- a/googleapiclient/discovery_cache/documents/groupsmigration.v1.json
+++ b/googleapiclient/discovery_cache/documents/groupsmigration.v1.json
@@ -146,7 +146,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211104",
   "rootUrl": "https://groupsmigration.googleapis.com/",
   "schemas": {
     "Groups": {
diff --git a/googleapiclient/discovery_cache/documents/groupssettings.v1.json b/googleapiclient/discovery_cache/documents/groupssettings.v1.json
index e0e3af905be..fe0ad193878 100644
--- a/googleapiclient/discovery_cache/documents/groupssettings.v1.json
+++ b/googleapiclient/discovery_cache/documents/groupssettings.v1.json
@@ -152,7 +152,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211104",
   "rootUrl": "https://www.googleapis.com/",
   "schemas": {
     "Groups": {
diff --git a/googleapiclient/discovery_cache/documents/healthcare.v1.json b/googleapiclient/discovery_cache/documents/healthcare.v1.json
index 8c5fdbbfd3f..d29e1c1a982 100644
--- a/googleapiclient/discovery_cache/documents/healthcare.v1.json
+++ b/googleapiclient/discovery_cache/documents/healthcare.v1.json
@@ -4012,7 +4012,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://healthcare.googleapis.com/",
   "schemas": {
     "ActivateConsentRequest": {
@@ -4969,6 +4969,10 @@
       "description": "Specifies how to handle de-identification of a FHIR store.",
       "id": "FhirConfig",
       "properties": {
+        "defaultKeepExtensions": {
+          "description": "The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.",
+          "type": "boolean"
+        },
         "fieldMetadataList": {
           "description": "Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`.",
           "items": {
diff --git a/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json b/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json
index a63d51a780d..c3405674dc0 100644
--- a/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json
@@ -4865,7 +4865,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://healthcare.googleapis.com/",
   "schemas": {
     "ActivateConsentRequest": {
@@ -6050,6 +6050,10 @@
       "description": "Specifies how to handle de-identification of a FHIR store.",
       "id": "FhirConfig",
       "properties": {
+        "defaultKeepExtensions": {
+          "description": "The behaviour for handling FHIR extensions that aren't otherwise specified for de-identification. If true, all extensions are preserved during de-identification by default. If false or unspecified, all extensions are removed during de-identification by default.",
+          "type": "boolean"
+        },
         "fieldMetadataList": {
           "description": "Specifies FHIR paths to match and how to transform them. Any field that is not matched by a FieldMetadata is passed through to the output dataset unmodified. All extensions will be processed according to `default_keep_extensions`. If a field can be matched by more than one FieldMetadata, the first FieldMetadata.Action is applied.",
           "items": {
diff --git a/googleapiclient/discovery_cache/documents/homegraph.v1.json b/googleapiclient/discovery_cache/documents/homegraph.v1.json
index 141c7917855..6dad8b5788d 100644
--- a/googleapiclient/discovery_cache/documents/homegraph.v1.json
+++ b/googleapiclient/discovery_cache/documents/homegraph.v1.json
@@ -216,7 +216,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211104",
   "rootUrl": "https://homegraph.googleapis.com/",
   "schemas": {
     "AgentDeviceId": {
diff --git a/googleapiclient/discovery_cache/documents/iam.v1.json b/googleapiclient/discovery_cache/documents/iam.v1.json
index c038890693a..b4d7afc5f42 100644
--- a/googleapiclient/discovery_cache/documents/iam.v1.json
+++ b/googleapiclient/discovery_cache/documents/iam.v1.json
@@ -1243,7 +1243,7 @@
               ],
               "parameters": {
                 "options.requestedPolicyVersion": {
-                  "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                  "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
@@ -1822,7 +1822,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211104",
   "rootUrl": "https://iam.googleapis.com/",
   "schemas": {
     "AdminAuditData": {
diff --git a/googleapiclient/discovery_cache/documents/iamcredentials.v1.json b/googleapiclient/discovery_cache/documents/iamcredentials.v1.json
index 935bb9ee41d..fd66ad151d8 100644
--- a/googleapiclient/discovery_cache/documents/iamcredentials.v1.json
+++ b/googleapiclient/discovery_cache/documents/iamcredentials.v1.json
@@ -226,7 +226,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211104",
   "rootUrl": "https://iamcredentials.googleapis.com/",
   "schemas": {
     "GenerateAccessTokenRequest": {
diff --git a/googleapiclient/discovery_cache/documents/iap.v1.json b/googleapiclient/discovery_cache/documents/iap.v1.json
index 75d6bd6ce5a..f9b25a5f3e8 100644
--- a/googleapiclient/discovery_cache/documents/iap.v1.json
+++ b/googleapiclient/discovery_cache/documents/iap.v1.json
@@ -487,7 +487,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://iap.googleapis.com/",
   "schemas": {
     "AccessDeniedPageSettings": {
@@ -683,7 +683,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
diff --git a/googleapiclient/discovery_cache/documents/iap.v1beta1.json b/googleapiclient/discovery_cache/documents/iap.v1beta1.json
index 27e6eca2bbb..1ee498655b6 100644
--- a/googleapiclient/discovery_cache/documents/iap.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/iap.v1beta1.json
@@ -194,7 +194,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://iap.googleapis.com/",
   "schemas": {
     "Binding": {
@@ -258,7 +258,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
diff --git a/googleapiclient/discovery_cache/documents/ideahub.v1alpha.json b/googleapiclient/discovery_cache/documents/ideahub.v1alpha.json
index 5700ee4a5e1..0c225b23a9a 100644
--- a/googleapiclient/discovery_cache/documents/ideahub.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/ideahub.v1alpha.json
@@ -331,7 +331,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://ideahub.googleapis.com/",
   "schemas": {
     "GoogleSearchIdeahubV1alphaAvailableLocale": {
diff --git a/googleapiclient/discovery_cache/documents/ideahub.v1beta.json b/googleapiclient/discovery_cache/documents/ideahub.v1beta.json
index e39b4138697..abe87fc9a59 100644
--- a/googleapiclient/discovery_cache/documents/ideahub.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/ideahub.v1beta.json
@@ -288,7 +288,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://ideahub.googleapis.com/",
   "schemas": {
     "GoogleSearchIdeahubV1betaAvailableLocale": {
diff --git a/googleapiclient/discovery_cache/documents/indexing.v3.json b/googleapiclient/discovery_cache/documents/indexing.v3.json
index 0818036324f..21a8e3a11b9 100644
--- a/googleapiclient/discovery_cache/documents/indexing.v3.json
+++ b/googleapiclient/discovery_cache/documents/indexing.v3.json
@@ -149,7 +149,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211103",
   "rootUrl": "https://indexing.googleapis.com/",
   "schemas": {
     "PublishUrlNotificationResponse": {
diff --git a/googleapiclient/discovery_cache/documents/language.v1.json b/googleapiclient/discovery_cache/documents/language.v1.json
index 731bdd415ad..cda2b97f90b 100644
--- a/googleapiclient/discovery_cache/documents/language.v1.json
+++ b/googleapiclient/discovery_cache/documents/language.v1.json
@@ -227,7 +227,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://language.googleapis.com/",
   "schemas": {
     "AnalyzeEntitiesRequest": {
diff --git a/googleapiclient/discovery_cache/documents/language.v1beta1.json b/googleapiclient/discovery_cache/documents/language.v1beta1.json
index f860db8ff7e..e19af7966dd 100644
--- a/googleapiclient/discovery_cache/documents/language.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/language.v1beta1.json
@@ -189,7 +189,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://language.googleapis.com/",
   "schemas": {
     "AnalyzeEntitiesRequest": {
diff --git a/googleapiclient/discovery_cache/documents/language.v1beta2.json b/googleapiclient/discovery_cache/documents/language.v1beta2.json
index 50986242108..a2c224c63c4 100644
--- a/googleapiclient/discovery_cache/documents/language.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/language.v1beta2.json
@@ -227,7 +227,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://language.googleapis.com/",
   "schemas": {
     "AnalyzeEntitiesRequest": {
diff --git a/googleapiclient/discovery_cache/documents/libraryagent.v1.json b/googleapiclient/discovery_cache/documents/libraryagent.v1.json
index 3d2bb2242f6..378b929412e 100644
--- a/googleapiclient/discovery_cache/documents/libraryagent.v1.json
+++ b/googleapiclient/discovery_cache/documents/libraryagent.v1.json
@@ -279,7 +279,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://libraryagent.googleapis.com/",
   "schemas": {
     "GoogleExampleLibraryagentV1Book": {
diff --git a/googleapiclient/discovery_cache/documents/licensing.v1.json b/googleapiclient/discovery_cache/documents/licensing.v1.json
index 2a2493f847b..7fa6d114bf0 100644
--- a/googleapiclient/discovery_cache/documents/licensing.v1.json
+++ b/googleapiclient/discovery_cache/documents/licensing.v1.json
@@ -400,7 +400,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211111",
   "rootUrl": "https://licensing.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/lifesciences.v2beta.json b/googleapiclient/discovery_cache/documents/lifesciences.v2beta.json
index 65a9269ce2f..5481a8ebf47 100644
--- a/googleapiclient/discovery_cache/documents/lifesciences.v2beta.json
+++ b/googleapiclient/discovery_cache/documents/lifesciences.v2beta.json
@@ -312,7 +312,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://lifesciences.googleapis.com/",
   "schemas": {
     "Accelerator": {
diff --git a/googleapiclient/discovery_cache/documents/localservices.v1.json b/googleapiclient/discovery_cache/documents/localservices.v1.json
index 1949457492b..16658c32be7 100644
--- a/googleapiclient/discovery_cache/documents/localservices.v1.json
+++ b/googleapiclient/discovery_cache/documents/localservices.v1.json
@@ -250,7 +250,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://localservices.googleapis.com/",
   "schemas": {
     "GoogleAdsHomeservicesLocalservicesV1AccountReport": {
diff --git a/googleapiclient/discovery_cache/documents/managedidentities.v1.json b/googleapiclient/discovery_cache/documents/managedidentities.v1.json
index f36334a3a81..2f6004cef4b 100644
--- a/googleapiclient/discovery_cache/documents/managedidentities.v1.json
+++ b/googleapiclient/discovery_cache/documents/managedidentities.v1.json
@@ -330,7 +330,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -927,7 +927,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -1093,7 +1093,7 @@
       }
     }
   },
-  "revision": "20211004",
+  "revision": "20211108",
   "rootUrl": "https://managedidentities.googleapis.com/",
   "schemas": {
     "AttachTrustRequest": {
@@ -1108,22 +1108,22 @@
       "type": "object"
     },
     "Binding": {
-      "description": "Associates `members` with a `role`.",
+      "description": "Associates `members`, or principals, with a `role`.",
       "id": "Binding",
       "properties": {
         "condition": {
           "$ref": "Expr",
-          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
+          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "role": {
-          "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
           "type": "string"
         }
       },
@@ -2128,11 +2128,11 @@
       "type": "object"
     },
     "Policy": {
-      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
       "id": "Policy",
       "properties": {
         "bindings": {
-          "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.",
+          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
           "items": {
             "$ref": "Binding"
           },
diff --git a/googleapiclient/discovery_cache/documents/managedidentities.v1alpha1.json b/googleapiclient/discovery_cache/documents/managedidentities.v1alpha1.json
index 739133b7e76..908f03b3dc2 100644
--- a/googleapiclient/discovery_cache/documents/managedidentities.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/managedidentities.v1alpha1.json
@@ -330,7 +330,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -755,7 +755,7 @@
                           ],
                           "parameters": {
                             "options.requestedPolicyVersion": {
-                              "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                              "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                               "format": "int32",
                               "location": "query",
                               "type": "integer"
@@ -1209,7 +1209,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -1375,7 +1375,7 @@
       }
     }
   },
-  "revision": "20211004",
+  "revision": "20211108",
   "rootUrl": "https://managedidentities.googleapis.com/",
   "schemas": {
     "AttachTrustRequest": {
@@ -1459,22 +1459,22 @@
       "type": "object"
     },
     "Binding": {
-      "description": "Associates `members` with a `role`.",
+      "description": "Associates `members`, or principals, with a `role`.",
       "id": "Binding",
       "properties": {
         "condition": {
           "$ref": "Expr",
-          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
+          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "role": {
-          "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
           "type": "string"
         }
       },
@@ -2496,11 +2496,11 @@
       "type": "object"
     },
     "Policy": {
-      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
       "id": "Policy",
       "properties": {
         "bindings": {
-          "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.",
+          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
           "items": {
             "$ref": "Binding"
           },
diff --git a/googleapiclient/discovery_cache/documents/managedidentities.v1beta1.json b/googleapiclient/discovery_cache/documents/managedidentities.v1beta1.json
index 6509c79b259..4de22a2c310 100644
--- a/googleapiclient/discovery_cache/documents/managedidentities.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/managedidentities.v1beta1.json
@@ -330,7 +330,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -755,7 +755,7 @@
                           ],
                           "parameters": {
                             "options.requestedPolicyVersion": {
-                              "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                              "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                               "format": "int32",
                               "location": "query",
                               "type": "integer"
@@ -1209,7 +1209,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -1375,7 +1375,7 @@
       }
     }
   },
-  "revision": "20211004",
+  "revision": "20211108",
   "rootUrl": "https://managedidentities.googleapis.com/",
   "schemas": {
     "AttachTrustRequest": {
@@ -1460,22 +1460,22 @@
       "type": "object"
     },
     "Binding": {
-      "description": "Associates `members` with a `role`.",
+      "description": "Associates `members`, or principals, with a `role`.",
       "id": "Binding",
       "properties": {
         "condition": {
           "$ref": "Expr",
-          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
+          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
         },
         "members": {
-          "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+          "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "role": {
-          "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
+          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
           "type": "string"
         }
       },
@@ -2506,11 +2506,11 @@
       "type": "object"
     },
     "Policy": {
-      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
       "id": "Policy",
       "properties": {
         "bindings": {
-          "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.",
+          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
           "items": {
             "$ref": "Binding"
           },
diff --git a/googleapiclient/discovery_cache/documents/metastore.v1alpha.json b/googleapiclient/discovery_cache/documents/metastore.v1alpha.json
index 1de3a8067b1..7c29d6f196a 100644
--- a/googleapiclient/discovery_cache/documents/metastore.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/metastore.v1alpha.json
@@ -405,7 +405,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -702,7 +702,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -839,7 +839,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -930,7 +930,7 @@
                           ],
                           "parameters": {
                             "options.requestedPolicyVersion": {
-                              "description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
+                              "description": "Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
                               "format": "int32",
                               "location": "query",
                               "type": "integer"
@@ -1170,7 +1170,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211106",
   "rootUrl": "https://metastore.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -1304,6 +1304,22 @@
       },
       "type": "object"
     },
+    "Consumer": {
+      "description": "Contains information of the customer's network configurations.",
+      "id": "Consumer",
+      "properties": {
+        "endpointUri": {
+          "description": "Output only. The URI of the endpoint used to access the metastore service.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "subnetwork": {
+          "description": "The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "DataCatalogConfig": {
       "description": "Specifies how metastore metadata should be integrated with the Data Catalog service.",
       "id": "DataCatalogConfig",
@@ -1867,6 +1883,20 @@
       },
       "type": "object"
     },
+    "NetworkConfig": {
+      "description": "Network configuration for the Dataproc Metastore service.",
+      "id": "NetworkConfig",
+      "properties": {
+        "consumers": {
+          "description": "Immutable. The consumer-side network configuration for the Dataproc Metastore instance.",
+          "items": {
+            "$ref": "Consumer"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "Operation": {
       "description": "This resource represents a long-running operation that is the result of a network API call.",
       "id": "Operation",
@@ -2136,6 +2166,10 @@
           "description": "Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.",
           "type": "string"
         },
+        "networkConfig": {
+          "$ref": "NetworkConfig",
+          "description": "Immutable. The configuration specifying the network settings for the Dataproc Metastore service."
+        },
         "port": {
           "description": "The TCP port at which the metastore service is reached. Default: 9083.",
           "format": "int32",
diff --git a/googleapiclient/discovery_cache/documents/metastore.v1beta.json b/googleapiclient/discovery_cache/documents/metastore.v1beta.json
index 1be0cc70a5b..4fa7384c01b 100644
--- a/googleapiclient/discovery_cache/documents/metastore.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/metastore.v1beta.json
@@ -405,7 +405,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -702,7 +702,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset.The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -986,7 +986,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211106",
   "rootUrl": "https://metastore.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -1120,6 +1120,22 @@
       },
       "type": "object"
     },
+    "Consumer": {
+      "description": "Contains information of the customer's network configurations.",
+      "id": "Consumer",
+      "properties": {
+        "endpointUri": {
+          "description": "Output only. The URI of the endpoint used to access the metastore service.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "subnetwork": {
+          "description": "The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:`projects/{project_number}/regions/{region_id}/subnetworks/{subnetwork_id}",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "DataCatalogConfig": {
       "description": "Specifies how metastore metadata should be integrated with the Data Catalog service.",
       "id": "DataCatalogConfig",
@@ -1683,6 +1699,20 @@
       },
       "type": "object"
     },
+    "NetworkConfig": {
+      "description": "Network configuration for the Dataproc Metastore service.",
+      "id": "NetworkConfig",
+      "properties": {
+        "consumers": {
+          "description": "Immutable. The consumer-side network configuration for the Dataproc Metastore instance.",
+          "items": {
+            "$ref": "Consumer"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "Operation": {
       "description": "This resource represents a long-running operation that is the result of a network API call.",
       "id": "Operation",
@@ -1952,6 +1982,10 @@
           "description": "Immutable. The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:projects/{project_number}/global/networks/{network_id}.",
           "type": "string"
         },
+        "networkConfig": {
+          "$ref": "NetworkConfig",
+          "description": "Immutable. The configuration specifying the network settings for the Dataproc Metastore service."
+        },
         "port": {
           "description": "The TCP port at which the metastore service is reached. Default: 9083.",
           "format": "int32",
diff --git a/googleapiclient/discovery_cache/documents/monitoring.v1.json b/googleapiclient/discovery_cache/documents/monitoring.v1.json
index 88b5d48ea47..b7337d1e346 100644
--- a/googleapiclient/discovery_cache/documents/monitoring.v1.json
+++ b/googleapiclient/discovery_cache/documents/monitoring.v1.json
@@ -679,7 +679,7 @@
       }
     }
   },
-  "revision": "20211031",
+  "revision": "20211108",
   "rootUrl": "https://monitoring.googleapis.com/",
   "schemas": {
     "Aggregation": {
@@ -1190,6 +1190,24 @@
       },
       "type": "object"
     },
+    "LogsPanel": {
+      "description": "A widget that displays a stream of log.",
+      "id": "LogsPanel",
+      "properties": {
+        "filter": {
+          "description": "A filter that chooses which log entries to return. See Advanced Logs Queries (https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.",
+          "type": "string"
+        },
+        "resourceNames": {
+          "description": "The names of logging resources to collect logs for. Does not implicitly include the current host project. Currently only projects are supported. There must be at least one resource_name.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "MetricsScope": {
       "description": "Represents a Metrics Scope (https://cloud.google.com/monitoring/settings#concept-scope) in Cloud Monitoring, which specifies one or more Google projects and zero or more AWS accounts to monitor together.",
       "id": "MetricsScope",
@@ -1929,6 +1947,10 @@
           "$ref": "Empty",
           "description": "A blank space."
         },
+        "logsPanel": {
+          "$ref": "LogsPanel",
+          "description": "A widget that shows a stream of logs."
+        },
         "scorecard": {
           "$ref": "Scorecard",
           "description": "A scorecard summarizing time series data."
diff --git a/googleapiclient/discovery_cache/documents/monitoring.v3.json b/googleapiclient/discovery_cache/documents/monitoring.v3.json
index fcbaaea63a6..df4d3de7b52 100644
--- a/googleapiclient/discovery_cache/documents/monitoring.v3.json
+++ b/googleapiclient/discovery_cache/documents/monitoring.v3.json
@@ -2571,7 +2571,7 @@
       }
     }
   },
-  "revision": "20211031",
+  "revision": "20211108",
   "rootUrl": "https://monitoring.googleapis.com/",
   "schemas": {
     "Aggregation": {
diff --git a/googleapiclient/discovery_cache/documents/mybusinessaccountmanagement.v1.json b/googleapiclient/discovery_cache/documents/mybusinessaccountmanagement.v1.json
index 4e9535fcc39..42660228628 100644
--- a/googleapiclient/discovery_cache/documents/mybusinessaccountmanagement.v1.json
+++ b/googleapiclient/discovery_cache/documents/mybusinessaccountmanagement.v1.json
@@ -530,7 +530,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://mybusinessaccountmanagement.googleapis.com/",
   "schemas": {
     "AcceptInvitationRequest": {
diff --git a/googleapiclient/discovery_cache/documents/mybusinessbusinessinformation.v1.json b/googleapiclient/discovery_cache/documents/mybusinessbusinessinformation.v1.json
index 804248582d7..db8fbe961aa 100644
--- a/googleapiclient/discovery_cache/documents/mybusinessbusinessinformation.v1.json
+++ b/googleapiclient/discovery_cache/documents/mybusinessbusinessinformation.v1.json
@@ -662,7 +662,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://mybusinessbusinessinformation.googleapis.com/",
   "schemas": {
     "AdWordsLocationExtensions": {
@@ -1245,6 +1245,11 @@
           "readOnly": true,
           "type": "boolean"
         },
+        "canHaveBusinessCalls": {
+          "description": "Output only. Indicates if the listing is eligible for business calls.",
+          "readOnly": true,
+          "type": "boolean"
+        },
         "canHaveFoodMenus": {
           "description": "Output only. Indicates if the listing is eligible for food menu.",
           "readOnly": true,
diff --git a/googleapiclient/discovery_cache/documents/mybusinesslodging.v1.json b/googleapiclient/discovery_cache/documents/mybusinesslodging.v1.json
index 0dd2b9946ac..3f9bd5ba596 100644
--- a/googleapiclient/discovery_cache/documents/mybusinesslodging.v1.json
+++ b/googleapiclient/discovery_cache/documents/mybusinesslodging.v1.json
@@ -194,7 +194,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://mybusinesslodging.googleapis.com/",
   "schemas": {
     "Accessibility": {
diff --git a/googleapiclient/discovery_cache/documents/mybusinessnotifications.v1.json b/googleapiclient/discovery_cache/documents/mybusinessnotifications.v1.json
index a36ad56fc1d..288723a06cd 100644
--- a/googleapiclient/discovery_cache/documents/mybusinessnotifications.v1.json
+++ b/googleapiclient/discovery_cache/documents/mybusinessnotifications.v1.json
@@ -154,7 +154,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://mybusinessnotifications.googleapis.com/",
   "schemas": {
     "NotificationSetting": {
diff --git a/googleapiclient/discovery_cache/documents/mybusinessplaceactions.v1.json b/googleapiclient/discovery_cache/documents/mybusinessplaceactions.v1.json
index 87f681f8a9b..5e5d80c04d8 100644
--- a/googleapiclient/discovery_cache/documents/mybusinessplaceactions.v1.json
+++ b/googleapiclient/discovery_cache/documents/mybusinessplaceactions.v1.json
@@ -281,7 +281,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://mybusinessplaceactions.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/mybusinessverifications.v1.json b/googleapiclient/discovery_cache/documents/mybusinessverifications.v1.json
index 9b45fc64be5..5c8626fb18d 100644
--- a/googleapiclient/discovery_cache/documents/mybusinessverifications.v1.json
+++ b/googleapiclient/discovery_cache/documents/mybusinessverifications.v1.json
@@ -256,7 +256,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://mybusinessverifications.googleapis.com/",
   "schemas": {
     "AddressVerificationData": {
diff --git a/googleapiclient/discovery_cache/documents/networkmanagement.v1.json b/googleapiclient/discovery_cache/documents/networkmanagement.v1.json
index 75789ce675f..906788b133b 100644
--- a/googleapiclient/discovery_cache/documents/networkmanagement.v1.json
+++ b/googleapiclient/discovery_cache/documents/networkmanagement.v1.json
@@ -274,7 +274,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -591,7 +591,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://networkmanagement.googleapis.com/",
   "schemas": {
     "AbortInfo": {
diff --git a/googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json b/googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json
index 49a18e760a8..6e0fdb8f699 100644
--- a/googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json
@@ -274,7 +274,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -591,7 +591,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://networkmanagement.googleapis.com/",
   "schemas": {
     "AbortInfo": {
diff --git a/googleapiclient/discovery_cache/documents/networkservices.v1.json b/googleapiclient/discovery_cache/documents/networkservices.v1.json
index dd22459fcab..4a5febdb0de 100644
--- a/googleapiclient/discovery_cache/documents/networkservices.v1.json
+++ b/googleapiclient/discovery_cache/documents/networkservices.v1.json
@@ -189,7 +189,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -280,7 +280,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -371,7 +371,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -545,7 +545,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -822,7 +822,7 @@
       }
     }
   },
-  "revision": "20211019",
+  "revision": "20211109",
   "rootUrl": "https://networkservices.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -966,7 +966,7 @@
       "id": "EndpointPolicy",
       "properties": {
         "authorizationPolicy": {
-          "description": "Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.",
+          "description": "Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.",
           "type": "string"
         },
         "clientTlsPolicy": {
diff --git a/googleapiclient/discovery_cache/documents/networkservices.v1beta1.json b/googleapiclient/discovery_cache/documents/networkservices.v1beta1.json
index 2c03924d029..30d3d493c9c 100644
--- a/googleapiclient/discovery_cache/documents/networkservices.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/networkservices.v1beta1.json
@@ -272,7 +272,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -549,7 +549,7 @@
       }
     }
   },
-  "revision": "20211019",
+  "revision": "20211109",
   "rootUrl": "https://networkservices.googleapis.com/",
   "schemas": {
     "AuditConfig": {
@@ -650,7 +650,7 @@
       "id": "EndpointPolicy",
       "properties": {
         "authorizationPolicy": {
-          "description": "Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. Applicable only when EndpointPolicyType is SIDECAR_PROXY.",
+          "description": "Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.",
           "type": "string"
         },
         "clientTlsPolicy": {
diff --git a/googleapiclient/discovery_cache/documents/ondemandscanning.v1.json b/googleapiclient/discovery_cache/documents/ondemandscanning.v1.json
index 8245259a01d..9251610dba1 100644
--- a/googleapiclient/discovery_cache/documents/ondemandscanning.v1.json
+++ b/googleapiclient/discovery_cache/documents/ondemandscanning.v1.json
@@ -339,7 +339,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://ondemandscanning.googleapis.com/",
   "schemas": {
     "AliasContext": {
diff --git a/googleapiclient/discovery_cache/documents/ondemandscanning.v1beta1.json b/googleapiclient/discovery_cache/documents/ondemandscanning.v1beta1.json
index cfb9e04831a..fa4a67f522a 100644
--- a/googleapiclient/discovery_cache/documents/ondemandscanning.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/ondemandscanning.v1beta1.json
@@ -339,7 +339,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://ondemandscanning.googleapis.com/",
   "schemas": {
     "AliasContext": {
diff --git a/googleapiclient/discovery_cache/documents/orgpolicy.v2.json b/googleapiclient/discovery_cache/documents/orgpolicy.v2.json
index 5d53e0b3002..8bf5348fd8a 100644
--- a/googleapiclient/discovery_cache/documents/orgpolicy.v2.json
+++ b/googleapiclient/discovery_cache/documents/orgpolicy.v2.json
@@ -751,7 +751,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211114",
   "rootUrl": "https://orgpolicy.googleapis.com/",
   "schemas": {
     "GoogleCloudOrgpolicyV2Constraint": {
diff --git a/googleapiclient/discovery_cache/documents/oslogin.v1.json b/googleapiclient/discovery_cache/documents/oslogin.v1.json
index c740dab23c6..e30f92e243b 100644
--- a/googleapiclient/discovery_cache/documents/oslogin.v1.json
+++ b/googleapiclient/discovery_cache/documents/oslogin.v1.json
@@ -347,7 +347,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://oslogin.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/oslogin.v1alpha.json b/googleapiclient/discovery_cache/documents/oslogin.v1alpha.json
index f94d554656b..5995a90c4b2 100644
--- a/googleapiclient/discovery_cache/documents/oslogin.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/oslogin.v1alpha.json
@@ -407,7 +407,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://oslogin.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/oslogin.v1beta.json b/googleapiclient/discovery_cache/documents/oslogin.v1beta.json
index 06dbd7d81b0..c0464532229 100644
--- a/googleapiclient/discovery_cache/documents/oslogin.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/oslogin.v1beta.json
@@ -377,7 +377,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211106",
   "rootUrl": "https://oslogin.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/pagespeedonline.v5.json b/googleapiclient/discovery_cache/documents/pagespeedonline.v5.json
index 38d0a6f539a..8fdf5557943 100644
--- a/googleapiclient/discovery_cache/documents/pagespeedonline.v5.json
+++ b/googleapiclient/discovery_cache/documents/pagespeedonline.v5.json
@@ -193,7 +193,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://pagespeedonline.googleapis.com/",
   "schemas": {
     "AuditRefs": {
diff --git a/googleapiclient/discovery_cache/documents/paymentsresellersubscription.v1.json b/googleapiclient/discovery_cache/documents/paymentsresellersubscription.v1.json
index 7b7d022b03f..2154906e43c 100644
--- a/googleapiclient/discovery_cache/documents/paymentsresellersubscription.v1.json
+++ b/googleapiclient/discovery_cache/documents/paymentsresellersubscription.v1.json
@@ -366,7 +366,7 @@
       }
     }
   },
-  "revision": "20211108",
+  "revision": "20211115",
   "rootUrl": "https://paymentsresellersubscription.googleapis.com/",
   "schemas": {
     "GoogleCloudPaymentsResellerSubscriptionV1CancelSubscriptionRequest": {
@@ -762,6 +762,12 @@
           "readOnly": true,
           "type": "string"
         },
+        "renewalTime": {
+          "description": "Output only. The time at which the subscription is expected to be renewed by Google - a new charge will be incurred and the service entitlement will be renewed. A non-immediate cancellation will take place at this time too, before which, the service entitlement for the end user will remain valid. UTC timezone in ISO 8061 format. For example: \"2019-08-31T17:28:54.564Z\"",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
         "serviceLocation": {
           "$ref": "GoogleCloudPaymentsResellerSubscriptionV1Location",
           "description": "Required. The location that the service is provided as indicated by the partner."
diff --git a/googleapiclient/discovery_cache/documents/people.v1.json b/googleapiclient/discovery_cache/documents/people.v1.json
index 1d1dcf2e285..fe8d5648a9f 100644
--- a/googleapiclient/discovery_cache/documents/people.v1.json
+++ b/googleapiclient/discovery_cache/documents/people.v1.json
@@ -1172,7 +1172,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211111",
   "rootUrl": "https://people.googleapis.com/",
   "schemas": {
     "Address": {
diff --git a/googleapiclient/discovery_cache/documents/playcustomapp.v1.json b/googleapiclient/discovery_cache/documents/playcustomapp.v1.json
index 7d1c62d34d4..ff573db39bf 100644
--- a/googleapiclient/discovery_cache/documents/playcustomapp.v1.json
+++ b/googleapiclient/discovery_cache/documents/playcustomapp.v1.json
@@ -158,7 +158,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://playcustomapp.googleapis.com/",
   "schemas": {
     "CustomApp": {
diff --git a/googleapiclient/discovery_cache/documents/policyanalyzer.v1.json b/googleapiclient/discovery_cache/documents/policyanalyzer.v1.json
index fc62a638650..31132c0eab7 100644
--- a/googleapiclient/discovery_cache/documents/policyanalyzer.v1.json
+++ b/googleapiclient/discovery_cache/documents/policyanalyzer.v1.json
@@ -163,7 +163,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://policyanalyzer.googleapis.com/",
   "schemas": {
     "GoogleCloudPolicyanalyzerV1Activity": {
diff --git a/googleapiclient/discovery_cache/documents/policyanalyzer.v1beta1.json b/googleapiclient/discovery_cache/documents/policyanalyzer.v1beta1.json
index a63b773b00b..adf84640726 100644
--- a/googleapiclient/discovery_cache/documents/policyanalyzer.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/policyanalyzer.v1beta1.json
@@ -163,7 +163,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://policyanalyzer.googleapis.com/",
   "schemas": {
     "GoogleCloudPolicyanalyzerV1beta1Activity": {
diff --git a/googleapiclient/discovery_cache/documents/policysimulator.v1.json b/googleapiclient/discovery_cache/documents/policysimulator.v1.json
index 2b6dda84ffc..cf45145d3a0 100644
--- a/googleapiclient/discovery_cache/documents/policysimulator.v1.json
+++ b/googleapiclient/discovery_cache/documents/policysimulator.v1.json
@@ -493,7 +493,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://policysimulator.googleapis.com/",
   "schemas": {
     "GoogleCloudPolicysimulatorV1AccessStateDiff": {
diff --git a/googleapiclient/discovery_cache/documents/policysimulator.v1beta1.json b/googleapiclient/discovery_cache/documents/policysimulator.v1beta1.json
index 94a046932f7..8814322025c 100644
--- a/googleapiclient/discovery_cache/documents/policysimulator.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/policysimulator.v1beta1.json
@@ -493,7 +493,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://policysimulator.googleapis.com/",
   "schemas": {
     "GoogleCloudPolicysimulatorV1Replay": {
diff --git a/googleapiclient/discovery_cache/documents/policytroubleshooter.v1.json b/googleapiclient/discovery_cache/documents/policytroubleshooter.v1.json
index 0884b81c28b..dbde2775f43 100644
--- a/googleapiclient/discovery_cache/documents/policytroubleshooter.v1.json
+++ b/googleapiclient/discovery_cache/documents/policytroubleshooter.v1.json
@@ -128,7 +128,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://policytroubleshooter.googleapis.com/",
   "schemas": {
     "GoogleCloudPolicytroubleshooterV1AccessTuple": {
diff --git a/googleapiclient/discovery_cache/documents/policytroubleshooter.v1beta.json b/googleapiclient/discovery_cache/documents/policytroubleshooter.v1beta.json
index 016813f2f94..8f722a69040 100644
--- a/googleapiclient/discovery_cache/documents/policytroubleshooter.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/policytroubleshooter.v1beta.json
@@ -128,7 +128,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://policytroubleshooter.googleapis.com/",
   "schemas": {
     "GoogleCloudPolicytroubleshooterV1betaAccessTuple": {
diff --git a/googleapiclient/discovery_cache/documents/privateca.v1.json b/googleapiclient/discovery_cache/documents/privateca.v1.json
index 3d6f1668ec2..2240906f6ff 100644
--- a/googleapiclient/discovery_cache/documents/privateca.v1.json
+++ b/googleapiclient/discovery_cache/documents/privateca.v1.json
@@ -12,7 +12,7 @@
   "baseUrl": "https://privateca.googleapis.com/",
   "batchPath": "batch",
   "canonicalName": "Certificate Authority Service",
-  "description": "The Certificate Authority Service API is a highly-available, scalable service that enables you to simplify and automate the management of private certificate authorities (CAs) while staying in control of your private keys.\" ",
+  "description": "The Certificate Authority Service API is a highly-available, scalable service that enables you to simplify and automate the management of private certificate authorities (CAs) while staying in control of your private keys. ",
   "discoveryVersion": "v1",
   "documentationLink": "https://cloud.google.com/",
   "fullyEncodeReservedExpansion": true,
@@ -310,7 +310,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -835,7 +835,7 @@
                           ],
                           "parameters": {
                             "options.requestedPolicyVersion": {
-                              "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                              "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                               "format": "int32",
                               "location": "query",
                               "type": "integer"
@@ -1298,7 +1298,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -1590,7 +1590,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211103",
   "rootUrl": "https://privateca.googleapis.com/",
   "schemas": {
     "AccessUrls": {
diff --git a/googleapiclient/discovery_cache/documents/privateca.v1beta1.json b/googleapiclient/discovery_cache/documents/privateca.v1beta1.json
index 689876ef0ad..3f659daae26 100644
--- a/googleapiclient/discovery_cache/documents/privateca.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/privateca.v1beta1.json
@@ -12,7 +12,7 @@
   "baseUrl": "https://privateca.googleapis.com/",
   "batchPath": "batch",
   "canonicalName": "Certificate Authority Service",
-  "description": "The Certificate Authority Service API is a highly-available, scalable service that enables you to simplify and automate the management of private certificate authorities (CAs) while staying in control of your private keys.\" ",
+  "description": "The Certificate Authority Service API is a highly-available, scalable service that enables you to simplify and automate the management of private certificate authorities (CAs) while staying in control of your private keys. ",
   "discoveryVersion": "v1",
   "documentationLink": "https://cloud.google.com/",
   "fullyEncodeReservedExpansion": true,
@@ -361,7 +361,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -618,7 +618,7 @@
                       ],
                       "parameters": {
                         "options.requestedPolicyVersion": {
-                          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                           "format": "int32",
                           "location": "query",
                           "type": "integer"
@@ -1124,7 +1124,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -1254,7 +1254,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211103",
   "rootUrl": "https://privateca.googleapis.com/",
   "schemas": {
     "AccessUrls": {
diff --git a/googleapiclient/discovery_cache/documents/pubsub.v1.json b/googleapiclient/discovery_cache/documents/pubsub.v1.json
index 573596059d5..8a3ccfab1ff 100644
--- a/googleapiclient/discovery_cache/documents/pubsub.v1.json
+++ b/googleapiclient/discovery_cache/documents/pubsub.v1.json
@@ -1424,7 +1424,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://pubsub.googleapis.com/",
   "schemas": {
     "AcknowledgeRequest": {
diff --git a/googleapiclient/discovery_cache/documents/pubsub.v1beta1a.json b/googleapiclient/discovery_cache/documents/pubsub.v1beta1a.json
index 19053af6fe2..5b9de8378eb 100644
--- a/googleapiclient/discovery_cache/documents/pubsub.v1beta1a.json
+++ b/googleapiclient/discovery_cache/documents/pubsub.v1beta1a.json
@@ -457,7 +457,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://pubsub.googleapis.com/",
   "schemas": {
     "AcknowledgeRequest": {
diff --git a/googleapiclient/discovery_cache/documents/pubsub.v1beta2.json b/googleapiclient/discovery_cache/documents/pubsub.v1beta2.json
index b35377c8e0a..53e8922ab9d 100644
--- a/googleapiclient/discovery_cache/documents/pubsub.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/pubsub.v1beta2.json
@@ -724,7 +724,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://pubsub.googleapis.com/",
   "schemas": {
     "AcknowledgeRequest": {
diff --git a/googleapiclient/discovery_cache/documents/pubsublite.v1.json b/googleapiclient/discovery_cache/documents/pubsublite.v1.json
index b275e380468..71b9865e22c 100644
--- a/googleapiclient/discovery_cache/documents/pubsublite.v1.json
+++ b/googleapiclient/discovery_cache/documents/pubsublite.v1.json
@@ -1040,7 +1040,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://pubsublite.googleapis.com/",
   "schemas": {
     "CancelOperationRequest": {
diff --git a/googleapiclient/discovery_cache/documents/realtimebidding.v1.json b/googleapiclient/discovery_cache/documents/realtimebidding.v1.json
index 9bae10940ff..5ec513817c6 100644
--- a/googleapiclient/discovery_cache/documents/realtimebidding.v1.json
+++ b/googleapiclient/discovery_cache/documents/realtimebidding.v1.json
@@ -1174,7 +1174,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211115",
   "rootUrl": "https://realtimebidding.googleapis.com/",
   "schemas": {
     "ActivatePretargetingConfigRequest": {
diff --git a/googleapiclient/discovery_cache/documents/realtimebidding.v1alpha.json b/googleapiclient/discovery_cache/documents/realtimebidding.v1alpha.json
index eb4259fb0d5..d2ebe10b051 100644
--- a/googleapiclient/discovery_cache/documents/realtimebidding.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/realtimebidding.v1alpha.json
@@ -234,7 +234,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211115",
   "rootUrl": "https://realtimebidding.googleapis.com/",
   "schemas": {
     "ActivateBiddingFunctionRequest": {
diff --git a/googleapiclient/discovery_cache/documents/recaptchaenterprise.v1.json b/googleapiclient/discovery_cache/documents/recaptchaenterprise.v1.json
index caa0c7f8141..d94144d8ae7 100644
--- a/googleapiclient/discovery_cache/documents/recaptchaenterprise.v1.json
+++ b/googleapiclient/discovery_cache/documents/recaptchaenterprise.v1.json
@@ -489,7 +489,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://recaptchaenterprise.googleapis.com/",
   "schemas": {
     "GoogleCloudRecaptchaenterpriseV1AccountDefenderAssessment": {
@@ -665,11 +665,6 @@
           "description": "Optional. The expected action for this type of event. This should be the same action provided at token generation time on client-side platforms already integrated with recaptcha enterprise.",
           "type": "string"
         },
-        "hashedAccountId": {
-          "description": "Optional. Optional unique stable hashed user identifier for the request. The identifier should ideally be hashed using sha256 with stable secret.",
-          "format": "byte",
-          "type": "string"
-        },
         "siteKey": {
           "description": "Optional. The site key that was used to invoke reCAPTCHA on your site and generate the token.",
           "type": "string"
diff --git a/googleapiclient/discovery_cache/documents/recommendationengine.v1beta1.json b/googleapiclient/discovery_cache/documents/recommendationengine.v1beta1.json
index 9a897874920..77f8fcfb0cf 100644
--- a/googleapiclient/discovery_cache/documents/recommendationengine.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/recommendationengine.v1beta1.json
@@ -842,7 +842,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211111",
   "rootUrl": "https://recommendationengine.googleapis.com/",
   "schemas": {
     "GoogleApiHttpBody": {
diff --git a/googleapiclient/discovery_cache/documents/recommender.v1.json b/googleapiclient/discovery_cache/documents/recommender.v1.json
index 45403e17ba6..7cb389a6812 100644
--- a/googleapiclient/discovery_cache/documents/recommender.v1.json
+++ b/googleapiclient/discovery_cache/documents/recommender.v1.json
@@ -1178,7 +1178,7 @@
       }
     }
   },
-  "revision": "20211031",
+  "revision": "20211105",
   "rootUrl": "https://recommender.googleapis.com/",
   "schemas": {
     "GoogleCloudRecommenderV1CostProjection": {
diff --git a/googleapiclient/discovery_cache/documents/recommender.v1beta1.json b/googleapiclient/discovery_cache/documents/recommender.v1beta1.json
index 354e65bd223..996537e4999 100644
--- a/googleapiclient/discovery_cache/documents/recommender.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/recommender.v1beta1.json
@@ -646,6 +646,72 @@
         "locations": {
           "resources": {
             "insightTypes": {
+              "methods": {
+                "config": {
+                  "description": "Updates an InsightTypeConfig change. This will create a new revision of the config.",
+                  "flatPath": "v1beta1/organizations/{organizationsId}/locations/{locationsId}/insightTypes/{insightTypesId}/config",
+                  "httpMethod": "POST",
+                  "id": "recommender.organizations.locations.insightTypes.config",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config",
+                      "location": "path",
+                      "pattern": "^organizations/[^/]+/locations/[^/]+/insightTypes/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "updateMask": {
+                      "description": "The list of fields to be updated.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "validateOnly": {
+                      "description": "If true, validate the request and preview the change, but do not actually update it.",
+                      "location": "query",
+                      "type": "boolean"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "request": {
+                    "$ref": "GoogleCloudRecommenderV1beta1InsightTypeConfig"
+                  },
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1InsightTypeConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "getConfig": {
+                  "description": "Gets the requested InsightTypeConfig. There is only one instance of the config for each InsightType.",
+                  "flatPath": "v1beta1/organizations/{organizationsId}/locations/{locationsId}/insightTypes/{insightTypesId}/config",
+                  "httpMethod": "GET",
+                  "id": "recommender.organizations.locations.insightTypes.getConfig",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. Name of the InsightTypeConfig to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config`",
+                      "location": "path",
+                      "pattern": "^organizations/[^/]+/locations/[^/]+/insightTypes/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1InsightTypeConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              },
               "resources": {
                 "insights": {
                   "methods": {
@@ -748,6 +814,72 @@
               }
             },
             "recommenders": {
+              "methods": {
+                "config": {
+                  "description": "Updates a Recommender Config. This will create a new revision of the config.",
+                  "flatPath": "v1beta1/organizations/{organizationsId}/locations/{locationsId}/recommenders/{recommendersId}/config",
+                  "httpMethod": "POST",
+                  "id": "recommender.organizations.locations.recommenders.config",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config",
+                      "location": "path",
+                      "pattern": "^organizations/[^/]+/locations/[^/]+/recommenders/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "updateMask": {
+                      "description": "The list of fields to be updated.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "validateOnly": {
+                      "description": "If true, validate the request and preview the change, but do not actually update it.",
+                      "location": "query",
+                      "type": "boolean"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "request": {
+                    "$ref": "GoogleCloudRecommenderV1beta1RecommenderConfig"
+                  },
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1RecommenderConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "getConfig": {
+                  "description": "Gets the requested Recommender Config. There is only one instance of the config for each Recommender.",
+                  "flatPath": "v1beta1/organizations/{organizationsId}/locations/{locationsId}/recommenders/{recommendersId}/config",
+                  "httpMethod": "GET",
+                  "id": "recommender.organizations.locations.recommenders.getConfig",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. Name of the Recommendation Config to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[RECOMMENDER_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[RECOMMENDER_ID]/config`",
+                      "location": "path",
+                      "pattern": "^organizations/[^/]+/locations/[^/]+/recommenders/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1RecommenderConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              },
               "resources": {
                 "recommendations": {
                   "methods": {
@@ -914,6 +1046,72 @@
         "locations": {
           "resources": {
             "insightTypes": {
+              "methods": {
+                "getConfig": {
+                  "description": "Gets the requested InsightTypeConfig. There is only one instance of the config for each InsightType.",
+                  "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/insightTypes/{insightTypesId}/config",
+                  "httpMethod": "GET",
+                  "id": "recommender.projects.locations.insightTypes.getConfig",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. Name of the InsightTypeConfig to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[INSIGHT_TYPE_ID]/config`",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/insightTypes/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1InsightTypeConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "updateConfig": {
+                  "description": "Updates an InsightTypeConfig change. This will create a new revision of the config.",
+                  "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/insightTypes/{insightTypesId}/config",
+                  "httpMethod": "PATCH",
+                  "id": "recommender.projects.locations.insightTypes.updateConfig",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/insightTypes/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "updateMask": {
+                      "description": "The list of fields to be updated.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "validateOnly": {
+                      "description": "If true, validate the request and preview the change, but do not actually update it.",
+                      "location": "query",
+                      "type": "boolean"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "request": {
+                    "$ref": "GoogleCloudRecommenderV1beta1InsightTypeConfig"
+                  },
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1InsightTypeConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              },
               "resources": {
                 "insights": {
                   "methods": {
@@ -1016,6 +1214,72 @@
               }
             },
             "recommenders": {
+              "methods": {
+                "getConfig": {
+                  "description": "Gets the requested Recommender Config. There is only one instance of the config for each Recommender.",
+                  "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/recommenders/{recommendersId}/config",
+                  "httpMethod": "GET",
+                  "id": "recommender.projects.locations.recommenders.getConfig",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. Name of the Recommendation Config to get. Acceptable formats: * `projects/[PROJECT_NUMBER]/locations/global/recommenders/[RECOMMENDER_ID]/config` * `projects/[PROJECT_ID]/locations/global/recommenders/[RECOMMENDER_ID]/config`",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/recommenders/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1RecommenderConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "updateConfig": {
+                  "description": "Updates a Recommender Config. This will create a new revision of the config.",
+                  "flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/recommenders/{recommendersId}/config",
+                  "httpMethod": "PATCH",
+                  "id": "recommender.projects.locations.recommenders.updateConfig",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/recommenders/[^/]+/config$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "updateMask": {
+                      "description": "The list of fields to be updated.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "validateOnly": {
+                      "description": "If true, validate the request and preview the change, but do not actually update it.",
+                      "location": "query",
+                      "type": "boolean"
+                    }
+                  },
+                  "path": "v1beta1/{+name}",
+                  "request": {
+                    "$ref": "GoogleCloudRecommenderV1beta1RecommenderConfig"
+                  },
+                  "response": {
+                    "$ref": "GoogleCloudRecommenderV1beta1RecommenderConfig"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              },
               "resources": {
                 "recommendations": {
                   "methods": {
@@ -1178,7 +1442,7 @@
       }
     }
   },
-  "revision": "20211031",
+  "revision": "20211105",
   "rootUrl": "https://recommender.googleapis.com/",
   "schemas": {
     "GoogleCloudRecommenderV1beta1CostProjection": {
@@ -1366,6 +1630,61 @@
       },
       "type": "object"
     },
+    "GoogleCloudRecommenderV1beta1InsightTypeConfig": {
+      "description": "Configuration for an InsightType.",
+      "id": "GoogleCloudRecommenderV1beta1InsightTypeConfig",
+      "properties": {
+        "annotations": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.",
+          "type": "object"
+        },
+        "displayName": {
+          "description": "A user-settable field to provide a human-readable name to be used in user interfaces.",
+          "type": "string"
+        },
+        "etag": {
+          "description": "Fingerprint of the InsightTypeConfig. Provides optimistic locking when updating.",
+          "type": "string"
+        },
+        "insightTypeGenerationConfig": {
+          "$ref": "GoogleCloudRecommenderV1beta1InsightTypeGenerationConfig",
+          "description": "InsightTypeGenerationConfig which configures the generation of insights for this insight type."
+        },
+        "name": {
+          "description": "Name of insight type config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/insightTypes/[INSIGHT_TYPE_ID]/config",
+          "type": "string"
+        },
+        "revisionId": {
+          "description": "Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Last time when the config was updated.",
+          "format": "google-datetime",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudRecommenderV1beta1InsightTypeGenerationConfig": {
+      "description": "A configuration to customize the generation of insights. Eg, customizing the lookback period considered when generating a insight.",
+      "id": "GoogleCloudRecommenderV1beta1InsightTypeGenerationConfig",
+      "properties": {
+        "params": {
+          "additionalProperties": {
+            "description": "Properties of the object.",
+            "type": "any"
+          },
+          "description": "Parameters for this InsightTypeGenerationConfig. These configs can be used by or are applied to all subtypes.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudRecommenderV1beta1ListInsightsResponse": {
       "description": "Response to the `ListInsights` method.",
       "id": "GoogleCloudRecommenderV1beta1ListInsightsResponse",
@@ -1684,6 +2003,61 @@
       },
       "type": "object"
     },
+    "GoogleCloudRecommenderV1beta1RecommenderConfig": {
+      "description": "Configuration for a Recommender.",
+      "id": "GoogleCloudRecommenderV1beta1RecommenderConfig",
+      "properties": {
+        "annotations": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "description": "Allows clients to store small amounts of arbitrary data. Annotations must follow the Kubernetes syntax. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.",
+          "type": "object"
+        },
+        "displayName": {
+          "description": "A user-settable field to provide a human-readable name to be used in user interfaces.",
+          "type": "string"
+        },
+        "etag": {
+          "description": "Fingerprint of the RecommenderConfig. Provides optimistic locking when updating.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of recommender config. Eg, projects/[PROJECT_NUMBER]/locations/[LOCATION]/recommenders/[RECOMMENDER_ID]/config",
+          "type": "string"
+        },
+        "recommenderGenerationConfig": {
+          "$ref": "GoogleCloudRecommenderV1beta1RecommenderGenerationConfig",
+          "description": "RecommenderGenerationConfig which configures the Generation of recommendations for this recommender."
+        },
+        "revisionId": {
+          "description": "Output only. Immutable. The revision ID of the config. A new revision is committed whenever the config is changed in any way. The format is an 8-character hexadecimal string.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Last time when the config was updated.",
+          "format": "google-datetime",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudRecommenderV1beta1RecommenderGenerationConfig": {
+      "description": "A Configuration to customize the generation of recommendations. Eg, customizing the lookback period considered when generating a recommendation.",
+      "id": "GoogleCloudRecommenderV1beta1RecommenderGenerationConfig",
+      "properties": {
+        "params": {
+          "additionalProperties": {
+            "description": "Properties of the object.",
+            "type": "any"
+          },
+          "description": "Parameters for this RecommenderGenerationConfig. These configs can be used by or are applied to all subtypes.",
+          "type": "object"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudRecommenderV1beta1SecurityProjection": {
       "description": "Contains various ways of describing the impact on Security.",
       "id": "GoogleCloudRecommenderV1beta1SecurityProjection",
diff --git a/googleapiclient/discovery_cache/documents/redis.v1.json b/googleapiclient/discovery_cache/documents/redis.v1.json
index 8db57aedeb4..3b5c87c9541 100644
--- a/googleapiclient/discovery_cache/documents/redis.v1.json
+++ b/googleapiclient/discovery_cache/documents/redis.v1.json
@@ -624,7 +624,7 @@
       }
     }
   },
-  "revision": "20211026",
+  "revision": "20211104",
   "rootUrl": "https://redis.googleapis.com/",
   "schemas": {
     "Empty": {
@@ -768,7 +768,7 @@
       "type": "object"
     },
     "Instance": {
-      "description": "A Google Cloud Redis instance. next id = 38",
+      "description": "A Google Cloud Redis instance.",
       "id": "Instance",
       "properties": {
         "alternativeLocationId": {
@@ -881,16 +881,16 @@
           "type": "integer"
         },
         "readReplicasMode": {
-          "description": "Optional. Read replica mode.",
+          "description": "Optional. Read replica mode. Can only be specified when trying to create the instance.",
           "enum": [
             "READ_REPLICAS_MODE_UNSPECIFIED",
             "READ_REPLICAS_DISABLED",
             "READ_REPLICAS_ENABLED"
           ],
           "enumDescriptions": [
-            "If not set, Memorystore Redis backend will pick the mode based on other fields in the request.",
+            "If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.",
             "If disabled, read endpoint will not be provided and the instance cannot scale up or down the number of replicas.",
-            "If enabled, read endpoint will be provided and the instance can scale up and down the number of replicas."
+            "If enabled, read endpoint will be provided and the instance can scale up and down the number of replicas. Not valid for basic tier."
           ],
           "type": "string"
         },
@@ -906,7 +906,7 @@
           "type": "string"
         },
         "replicaCount": {
-          "description": "Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.",
+          "description": "Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.",
           "format": "int32",
           "type": "integer"
         },
diff --git a/googleapiclient/discovery_cache/documents/redis.v1beta1.json b/googleapiclient/discovery_cache/documents/redis.v1beta1.json
index f576471e2c9..2773c0d72f8 100644
--- a/googleapiclient/discovery_cache/documents/redis.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/redis.v1beta1.json
@@ -624,7 +624,7 @@
       }
     }
   },
-  "revision": "20211026",
+  "revision": "20211104",
   "rootUrl": "https://redis.googleapis.com/",
   "schemas": {
     "Empty": {
@@ -775,7 +775,7 @@
       "type": "object"
     },
     "Instance": {
-      "description": "A Google Cloud Redis instance. next id = 38",
+      "description": "A Google Cloud Redis instance.",
       "id": "Instance",
       "properties": {
         "alternativeLocationId": {
@@ -888,16 +888,16 @@
           "type": "integer"
         },
         "readReplicasMode": {
-          "description": "Optional. Read replica mode.",
+          "description": "Optional. Read replica mode. Can only be specified when trying to create the instance.",
           "enum": [
             "READ_REPLICAS_MODE_UNSPECIFIED",
             "READ_REPLICAS_DISABLED",
             "READ_REPLICAS_ENABLED"
           ],
           "enumDescriptions": [
-            "If not set, Memorystore Redis backend will pick the mode based on other fields in the request.",
+            "If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.",
             "If disabled, read endpoint will not be provided and the instance cannot scale up or down the number of replicas.",
-            "If enabled, read endpoint will be provided and the instance can scale up and down the number of replicas."
+            "If enabled, read endpoint will be provided and the instance can scale up and down the number of replicas. Not valid for basic tier."
           ],
           "type": "string"
         },
@@ -913,7 +913,7 @@
           "type": "string"
         },
         "replicaCount": {
-          "description": "Optional. The number of replica nodes. Valid range for standard tier is [1-5] and defaults to 2. Valid value for basic tier is 0 and defaults to 0.",
+          "description": "Optional. The number of replica nodes. The valid range for the Standard Tier with read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled for a Standard Tier instance, the only valid value is 1 and the default is 1. The valid value for basic tier is 0 and the default is also 0.",
           "format": "int32",
           "type": "integer"
         },
diff --git a/googleapiclient/discovery_cache/documents/reseller.v1.json b/googleapiclient/discovery_cache/documents/reseller.v1.json
index 91109866425..7e6db2f5fb9 100644
--- a/googleapiclient/discovery_cache/documents/reseller.v1.json
+++ b/googleapiclient/discovery_cache/documents/reseller.v1.json
@@ -631,7 +631,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211106",
   "rootUrl": "https://reseller.googleapis.com/",
   "schemas": {
     "Address": {
@@ -733,9 +733,9 @@
         "customerType": {
           "description": "Identifies the type of the customer. Acceptable values include: * `domain`: Implies a domain-verified customer (default). * `team`: Implies an email-verified customer. For more information, see [managed teams](https://support.google.com/a/users/answer/9939479).",
           "enum": [
-            "CUSTOMER_TYPE_UNSPECIFIED",
-            "DOMAIN",
-            "TEAM"
+            "customerTypeUnspecified",
+            "domain",
+            "team"
           ],
           "enumDescriptions": [
             "Customer type not known",
diff --git a/googleapiclient/discovery_cache/documents/resourcesettings.v1.json b/googleapiclient/discovery_cache/documents/resourcesettings.v1.json
index 7cd59cc5f57..eba4454c1e2 100644
--- a/googleapiclient/discovery_cache/documents/resourcesettings.v1.json
+++ b/googleapiclient/discovery_cache/documents/resourcesettings.v1.json
@@ -499,7 +499,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://resourcesettings.googleapis.com/",
   "schemas": {
     "GoogleCloudResourcesettingsV1ListSettingsResponse": {
diff --git a/googleapiclient/discovery_cache/documents/retail.v2.json b/googleapiclient/discovery_cache/documents/retail.v2.json
index 3dcfd44ea40..0be7aefd0a1 100644
--- a/googleapiclient/discovery_cache/documents/retail.v2.json
+++ b/googleapiclient/discovery_cache/documents/retail.v2.json
@@ -1007,7 +1007,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211104",
   "rootUrl": "https://retail.googleapis.com/",
   "schemas": {
     "GoogleApiHttpBody": {
@@ -2128,7 +2128,7 @@
       "id": "GoogleCloudRetailV2ProductLevelConfig",
       "properties": {
         "ingestionProductType": {
-          "description": "The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.",
+          "description": "The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.",
           "type": "string"
         },
         "merchantCenterProductIdField": {
diff --git a/googleapiclient/discovery_cache/documents/retail.v2alpha.json b/googleapiclient/discovery_cache/documents/retail.v2alpha.json
index 25a88e6254f..0364ab230eb 100644
--- a/googleapiclient/discovery_cache/documents/retail.v2alpha.json
+++ b/googleapiclient/discovery_cache/documents/retail.v2alpha.json
@@ -1068,7 +1068,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211104",
   "rootUrl": "https://retail.googleapis.com/",
   "schemas": {
     "GoogleApiHttpBody": {
@@ -1470,7 +1470,7 @@
           "type": "string"
         },
         "allowMissing": {
-          "description": "If set to true, and the Product is not found, the local inventory will still be processed and retained for at most 1 day and processed once the Product is created. If set to false, an INVALID_ARGUMENT error is returned if the Product is not found.",
+          "description": "If set to true, and the Product is not found, the local inventory will still be processed and retained for at most 1 day and processed once the Product is created. If set to false, a NOT_FOUND error is returned if the Product is not found.",
           "type": "boolean"
         },
         "localInventories": {
@@ -2089,7 +2089,7 @@
           "additionalProperties": {
             "$ref": "GoogleCloudRetailV2alphaCustomAttribute"
           },
-          "description": "Additional local inventory attributes, for example, store name, promotion tags, etc. * At most 5 values are allowed. Otherwise, an INVALID_ARGUMENT error is returned. * The key must be a UTF-8 encoded string with a length limit of 10 characters. * The key must match the pattern: `a-zA-Z0-9*`. For example, key0LikeThis or KEY_1_LIKE_THIS. * The attribute values must be of the same type (text or number). * The max number of values per attribute is 10. * For text values, the length limit is 10 UTF-8 characters.",
+          "description": "Additional local inventory attributes, for example, store name, promotion tags, etc. * At most 5 values are allowed. Otherwise, an INVALID_ARGUMENT error is returned. * The key must be a UTF-8 encoded string with a length limit of 10 characters. * The key must match the pattern: `a-zA-Z0-9*`. For example, key0LikeThis or KEY_1_LIKE_THIS. * The attribute values must be of the same type (text or number). * The max number of values per attribute is 10. * For text values, the length limit is 10 UTF-8 characters. * The attribute does not support search. The `searchable` field should be unset or set to false.",
           "type": "object"
         },
         "placeId": {
@@ -2550,7 +2550,7 @@
       "id": "GoogleCloudRetailV2alphaProductLevelConfig",
       "properties": {
         "ingestionProductType": {
-          "description": "The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.",
+          "description": "The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.",
           "type": "string"
         },
         "merchantCenterProductIdField": {
diff --git a/googleapiclient/discovery_cache/documents/retail.v2beta.json b/googleapiclient/discovery_cache/documents/retail.v2beta.json
index d7392efc9ef..ebb47e0928b 100644
--- a/googleapiclient/discovery_cache/documents/retail.v2beta.json
+++ b/googleapiclient/discovery_cache/documents/retail.v2beta.json
@@ -1007,7 +1007,7 @@
       }
     }
   },
-  "revision": "20211028",
+  "revision": "20211104",
   "rootUrl": "https://retail.googleapis.com/",
   "schemas": {
     "GoogleApiHttpBody": {
@@ -2658,7 +2658,7 @@
       "id": "GoogleCloudRetailV2betaProductLevelConfig",
       "properties": {
         "ingestionProductType": {
-          "description": "The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can only ingest Product.Type.PRIMARY Products. This means Product.primary_product_id can only be empty or set to the same value as Product.id. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.",
+          "description": "The type of Products allowed to be ingested into the catalog. Acceptable values are: * `primary` (default): You can ingest Products of all types. When ingesting a Product, its type will default to Product.Type.PRIMARY if unset. * `variant`: You can only ingest Product.Type.VARIANT Products. This means Product.primary_product_id cannot be empty. If this field is set to an invalid value other than these, an INVALID_ARGUMENT error is returned. If this field is `variant` and merchant_center_product_id_field is `itemGroupId`, an INVALID_ARGUMENT error is returned. See [Using product levels](https://cloud.google.com/retail/recommendations-ai/docs/catalog#product-levels) for more details.",
           "type": "string"
         },
         "merchantCenterProductIdField": {
diff --git a/googleapiclient/discovery_cache/documents/run.v1.json b/googleapiclient/discovery_cache/documents/run.v1.json
index 8cb0c318b9e..568b28e4448 100644
--- a/googleapiclient/discovery_cache/documents/run.v1.json
+++ b/googleapiclient/discovery_cache/documents/run.v1.json
@@ -1590,7 +1590,7 @@
                   ],
                   "parameters": {
                     "options.requestedPolicyVersion": {
-                      "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                       "format": "int32",
                       "location": "query",
                       "type": "integer"
@@ -1768,7 +1768,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://run.googleapis.com/",
   "schemas": {
     "Addressable": {
diff --git a/googleapiclient/discovery_cache/documents/run.v1alpha1.json b/googleapiclient/discovery_cache/documents/run.v1alpha1.json
index 949887c522b..3dfd7f2e2bc 100644
--- a/googleapiclient/discovery_cache/documents/run.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/run.v1alpha1.json
@@ -268,7 +268,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://run.googleapis.com/",
   "schemas": {
     "ConfigMapEnvSource": {
diff --git a/googleapiclient/discovery_cache/documents/runtimeconfig.v1.json b/googleapiclient/discovery_cache/documents/runtimeconfig.v1.json
index 54120291a84..3a4d93bbcb5 100644
--- a/googleapiclient/discovery_cache/documents/runtimeconfig.v1.json
+++ b/googleapiclient/discovery_cache/documents/runtimeconfig.v1.json
@@ -210,7 +210,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211115",
   "rootUrl": "https://runtimeconfig.googleapis.com/",
   "schemas": {
     "CancelOperationRequest": {
diff --git a/googleapiclient/discovery_cache/documents/runtimeconfig.v1beta1.json b/googleapiclient/discovery_cache/documents/runtimeconfig.v1beta1.json
index 956161a1e99..40f113dbef1 100644
--- a/googleapiclient/discovery_cache/documents/runtimeconfig.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/runtimeconfig.v1beta1.json
@@ -208,7 +208,7 @@
               ],
               "parameters": {
                 "options.requestedPolicyVersion": {
-                  "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                  "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
@@ -805,7 +805,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211108",
   "rootUrl": "https://runtimeconfig.googleapis.com/",
   "schemas": {
     "Binding": {
diff --git a/googleapiclient/discovery_cache/documents/safebrowsing.v4.json b/googleapiclient/discovery_cache/documents/safebrowsing.v4.json
index 1907a2620af..e974fddc1f4 100644
--- a/googleapiclient/discovery_cache/documents/safebrowsing.v4.json
+++ b/googleapiclient/discovery_cache/documents/safebrowsing.v4.json
@@ -261,7 +261,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://safebrowsing.googleapis.com/",
   "schemas": {
     "GoogleProtobufEmpty": {
diff --git a/googleapiclient/discovery_cache/documents/sasportal.v1alpha1.json b/googleapiclient/discovery_cache/documents/sasportal.v1alpha1.json
index 8f9b63a1802..5c368cf8906 100644
--- a/googleapiclient/discovery_cache/documents/sasportal.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/sasportal.v1alpha1.json
@@ -2483,7 +2483,7 @@
       }
     }
   },
-  "revision": "20211014",
+  "revision": "20211105",
   "rootUrl": "https://sasportal.googleapis.com/",
   "schemas": {
     "SasPortalAssignment": {
diff --git a/googleapiclient/discovery_cache/documents/script.v1.json b/googleapiclient/discovery_cache/documents/script.v1.json
index 930421c8403..e654a6a1029 100644
--- a/googleapiclient/discovery_cache/documents/script.v1.json
+++ b/googleapiclient/discovery_cache/documents/script.v1.json
@@ -887,7 +887,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://script.googleapis.com/",
   "schemas": {
     "Content": {
diff --git a/googleapiclient/discovery_cache/documents/searchconsole.v1.json b/googleapiclient/discovery_cache/documents/searchconsole.v1.json
index 511806f9f87..574ec7ab9bc 100644
--- a/googleapiclient/discovery_cache/documents/searchconsole.v1.json
+++ b/googleapiclient/discovery_cache/documents/searchconsole.v1.json
@@ -373,7 +373,7 @@
       }
     }
   },
-  "revision": "20211104",
+  "revision": "20211112",
   "rootUrl": "https://searchconsole.googleapis.com/",
   "schemas": {
     "ApiDataRow": {
diff --git a/googleapiclient/discovery_cache/documents/secretmanager.v1.json b/googleapiclient/discovery_cache/documents/secretmanager.v1.json
index a78d56d92c6..bc256deb283 100644
--- a/googleapiclient/discovery_cache/documents/secretmanager.v1.json
+++ b/googleapiclient/discovery_cache/documents/secretmanager.v1.json
@@ -305,7 +305,7 @@
               ],
               "parameters": {
                 "options.requestedPolicyVersion": {
-                  "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                  "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
@@ -643,7 +643,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://secretmanager.googleapis.com/",
   "schemas": {
     "AccessSecretVersionResponse": {
diff --git a/googleapiclient/discovery_cache/documents/secretmanager.v1beta1.json b/googleapiclient/discovery_cache/documents/secretmanager.v1beta1.json
index 6fb88fb29be..d95b2581af5 100644
--- a/googleapiclient/discovery_cache/documents/secretmanager.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/secretmanager.v1beta1.json
@@ -300,7 +300,7 @@
               ],
               "parameters": {
                 "options.requestedPolicyVersion": {
-                  "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+                  "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
@@ -628,7 +628,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://secretmanager.googleapis.com/",
   "schemas": {
     "AccessSecretVersionResponse": {
diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1.json b/googleapiclient/discovery_cache/documents/securitycenter.v1.json
index 7dbacfbbb7f..2af92703a22 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1.json
@@ -243,6 +243,195 @@
             }
           }
         },
+        "findings": {
+          "methods": {
+            "bulkMute": {
+              "description": "Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.",
+              "flatPath": "v1/folders/{foldersId}/findings:bulkMute",
+              "httpMethod": "POST",
+              "id": "securitycenter.folders.findings.bulkMute",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "parent": {
+                  "description": "Required. The parent, at which bulk action needs to be applied. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^folders/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/findings:bulkMute",
+              "request": {
+                "$ref": "BulkMuteFindingsRequest"
+              },
+              "response": {
+                "$ref": "Operation"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            }
+          }
+        },
+        "muteConfigs": {
+          "methods": {
+            "create": {
+              "description": "Creates a mute config.",
+              "flatPath": "v1/folders/{foldersId}/muteConfigs",
+              "httpMethod": "POST",
+              "id": "securitycenter.folders.muteConfigs.create",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "muteConfigId": {
+                  "description": "Required. Unique identifier provided by the client within the parent scope. It must consist of lower case letters, numbers, and hyphen, with the first character a letter, the last a letter or a number, and a 63 character maximum.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. Resource name of the new mute configs's parent. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", or \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^folders/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/muteConfigs",
+              "request": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "delete": {
+              "description": "Deletes an existing mute config.",
+              "flatPath": "v1/folders/{foldersId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "DELETE",
+              "id": "securitycenter.folders.muteConfigs.delete",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Name of the mute config to delete. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id}",
+                  "location": "path",
+                  "pattern": "^folders/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "Empty"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "get": {
+              "description": "Gets a mute config.",
+              "flatPath": "v1/folders/{foldersId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "GET",
+              "id": "securitycenter.folders.muteConfigs.get",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Name of the mute config to retrieve. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id}",
+                  "location": "path",
+                  "pattern": "^folders/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "list": {
+              "description": "Lists mute configs.",
+              "flatPath": "v1/folders/{foldersId}/muteConfigs",
+              "httpMethod": "GET",
+              "id": "securitycenter.folders.muteConfigs.list",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "pageSize": {
+                  "description": "The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.",
+                  "format": "int32",
+                  "location": "query",
+                  "type": "integer"
+                },
+                "pageToken": {
+                  "description": "A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. The parent, which owns the collection of mute configs. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^folders/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/muteConfigs",
+              "response": {
+                "$ref": "ListMuteConfigsResponse"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "patch": {
+              "description": "Updates a mute config.",
+              "flatPath": "v1/folders/{foldersId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "PATCH",
+              "id": "securitycenter.folders.muteConfigs.patch",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "This field will be ignored if provided on config creation. Format \"organizations/{organization}/muteConfigs/{mute_config}\" \"folders/{folder}/muteConfigs/{mute_config}\" \"projects/{project}/muteConfigs/{mute_config}\"",
+                  "location": "path",
+                  "pattern": "^folders/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                },
+                "updateMask": {
+                  "description": "The list of fields to be updated. If empty all mutable fields will be updated.",
+                  "format": "google-fieldmask",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "request": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            }
+          }
+        },
         "sources": {
           "methods": {
             "list": {
@@ -411,6 +600,34 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 },
+                "setMute": {
+                  "description": "Updates the mute state of a finding.",
+                  "flatPath": "v1/folders/{foldersId}/sources/{sourcesId}/findings/{findingsId}:setMute",
+                  "httpMethod": "POST",
+                  "id": "securitycenter.folders.sources.findings.setMute",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: \"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}\", \"folders/{folder_id}/sources/{source_id}/finding/{finding_id}\", \"projects/{project_id}/sources/{source_id}/finding/{finding_id}\".",
+                      "location": "path",
+                      "pattern": "^folders/[^/]+/sources/[^/]+/findings/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}:setMute",
+                  "request": {
+                    "$ref": "SetMuteRequest"
+                  },
+                  "response": {
+                    "$ref": "Finding"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
                 "setState": {
                   "description": "Updates the state of a finding.",
                   "flatPath": "v1/folders/{foldersId}/sources/{sourcesId}/findings/{findingsId}:setState",
@@ -479,6 +696,46 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 }
+              },
+              "resources": {
+                "externalSystems": {
+                  "methods": {
+                    "patch": {
+                      "description": "Updates external system. This is for a given finding.",
+                      "flatPath": "v1/folders/{foldersId}/sources/{sourcesId}/findings/{findingsId}/externalSystems/{externalSystemsId}",
+                      "httpMethod": "PATCH",
+                      "id": "securitycenter.folders.sources.findings.externalSystems.patch",
+                      "parameterOrder": [
+                        "name"
+                      ],
+                      "parameters": {
+                        "name": {
+                          "description": "External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira",
+                          "location": "path",
+                          "pattern": "^folders/[^/]+/sources/[^/]+/findings/[^/]+/externalSystems/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        },
+                        "updateMask": {
+                          "description": "The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.",
+                          "format": "google-fieldmask",
+                          "location": "query",
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+name}",
+                      "request": {
+                        "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+                      },
+                      "response": {
+                        "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    }
+                  }
+                }
               }
             }
           }
@@ -712,6 +969,195 @@
             }
           }
         },
+        "findings": {
+          "methods": {
+            "bulkMute": {
+              "description": "Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.",
+              "flatPath": "v1/organizations/{organizationsId}/findings:bulkMute",
+              "httpMethod": "POST",
+              "id": "securitycenter.organizations.findings.bulkMute",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "parent": {
+                  "description": "Required. The parent, at which bulk action needs to be applied. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^organizations/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/findings:bulkMute",
+              "request": {
+                "$ref": "BulkMuteFindingsRequest"
+              },
+              "response": {
+                "$ref": "Operation"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            }
+          }
+        },
+        "muteConfigs": {
+          "methods": {
+            "create": {
+              "description": "Creates a mute config.",
+              "flatPath": "v1/organizations/{organizationsId}/muteConfigs",
+              "httpMethod": "POST",
+              "id": "securitycenter.organizations.muteConfigs.create",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "muteConfigId": {
+                  "description": "Required. Unique identifier provided by the client within the parent scope. It must consist of lower case letters, numbers, and hyphen, with the first character a letter, the last a letter or a number, and a 63 character maximum.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. Resource name of the new mute configs's parent. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", or \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^organizations/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/muteConfigs",
+              "request": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "delete": {
+              "description": "Deletes an existing mute config.",
+              "flatPath": "v1/organizations/{organizationsId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "DELETE",
+              "id": "securitycenter.organizations.muteConfigs.delete",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Name of the mute config to delete. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id}",
+                  "location": "path",
+                  "pattern": "^organizations/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "Empty"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "get": {
+              "description": "Gets a mute config.",
+              "flatPath": "v1/organizations/{organizationsId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "GET",
+              "id": "securitycenter.organizations.muteConfigs.get",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Name of the mute config to retrieve. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id}",
+                  "location": "path",
+                  "pattern": "^organizations/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "list": {
+              "description": "Lists mute configs.",
+              "flatPath": "v1/organizations/{organizationsId}/muteConfigs",
+              "httpMethod": "GET",
+              "id": "securitycenter.organizations.muteConfigs.list",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "pageSize": {
+                  "description": "The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.",
+                  "format": "int32",
+                  "location": "query",
+                  "type": "integer"
+                },
+                "pageToken": {
+                  "description": "A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. The parent, which owns the collection of mute configs. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^organizations/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/muteConfigs",
+              "response": {
+                "$ref": "ListMuteConfigsResponse"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "patch": {
+              "description": "Updates a mute config.",
+              "flatPath": "v1/organizations/{organizationsId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "PATCH",
+              "id": "securitycenter.organizations.muteConfigs.patch",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "This field will be ignored if provided on config creation. Format \"organizations/{organization}/muteConfigs/{mute_config}\" \"folders/{folder}/muteConfigs/{mute_config}\" \"projects/{project}/muteConfigs/{mute_config}\"",
+                  "location": "path",
+                  "pattern": "^organizations/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                },
+                "updateMask": {
+                  "description": "The list of fields to be updated. If empty all mutable fields will be updated.",
+                  "format": "google-fieldmask",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "request": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            }
+          }
+        },
         "notificationConfigs": {
           "methods": {
             "create": {
@@ -1361,6 +1807,34 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 },
+                "setMute": {
+                  "description": "Updates the mute state of a finding.",
+                  "flatPath": "v1/organizations/{organizationsId}/sources/{sourcesId}/findings/{findingsId}:setMute",
+                  "httpMethod": "POST",
+                  "id": "securitycenter.organizations.sources.findings.setMute",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: \"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}\", \"folders/{folder_id}/sources/{source_id}/finding/{finding_id}\", \"projects/{project_id}/sources/{source_id}/finding/{finding_id}\".",
+                      "location": "path",
+                      "pattern": "^organizations/[^/]+/sources/[^/]+/findings/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}:setMute",
+                  "request": {
+                    "$ref": "SetMuteRequest"
+                  },
+                  "response": {
+                    "$ref": "Finding"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
                 "setState": {
                   "description": "Updates the state of a finding.",
                   "flatPath": "v1/organizations/{organizationsId}/sources/{sourcesId}/findings/{findingsId}:setState",
@@ -1429,132 +1903,361 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 }
+              },
+              "resources": {
+                "externalSystems": {
+                  "methods": {
+                    "patch": {
+                      "description": "Updates external system. This is for a given finding.",
+                      "flatPath": "v1/organizations/{organizationsId}/sources/{sourcesId}/findings/{findingsId}/externalSystems/{externalSystemsId}",
+                      "httpMethod": "PATCH",
+                      "id": "securitycenter.organizations.sources.findings.externalSystems.patch",
+                      "parameterOrder": [
+                        "name"
+                      ],
+                      "parameters": {
+                        "name": {
+                          "description": "External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira",
+                          "location": "path",
+                          "pattern": "^organizations/[^/]+/sources/[^/]+/findings/[^/]+/externalSystems/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        },
+                        "updateMask": {
+                          "description": "The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.",
+                          "format": "google-fieldmask",
+                          "location": "query",
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+name}",
+                      "request": {
+                        "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+                      },
+                      "response": {
+                        "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    }
+                  }
+                }
               }
             }
           }
-        }
-      }
-    },
-    "projects": {
-      "resources": {
-        "assets": {
+        }
+      }
+    },
+    "projects": {
+      "resources": {
+        "assets": {
+          "methods": {
+            "group": {
+              "description": "Filters an organization's assets and groups them by their specified properties.",
+              "flatPath": "v1/projects/{projectsId}/assets:group",
+              "httpMethod": "POST",
+              "id": "securitycenter.projects.assets.group",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "parent": {
+                  "description": "Required. Name of the organization to groupBy. Its format is \"organizations/[organization_id], folders/[folder_id], or projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/assets:group",
+              "request": {
+                "$ref": "GroupAssetsRequest"
+              },
+              "response": {
+                "$ref": "GroupAssetsResponse"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "list": {
+              "description": "Lists an organization's assets.",
+              "flatPath": "v1/projects/{projectsId}/assets",
+              "httpMethod": "GET",
+              "id": "securitycenter.projects.assets.list",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "compareDuration": {
+                  "description": "When compare_duration is set, the ListAssetsResult's \"state_change\" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible \"state_change\" values when compare_duration is specified: * \"ADDED\": indicates that the asset was not present at the start of compare_duration, but present at read_time. * \"REMOVED\": indicates that the asset was present at the start of compare_duration, but not present at read_time. * \"ACTIVE\": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time. If compare_duration is not specified, then the only possible state_change is \"UNUSED\", which will be the state_change set for all assets present at read_time.",
+                  "format": "google-duration",
+                  "location": "query",
+                  "type": "string"
+                },
+                "fieldMask": {
+                  "description": "A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.",
+                  "format": "google-fieldmask",
+                  "location": "query",
+                  "type": "string"
+                },
+                "filter": {
+                  "description": "Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following are the allowed field and operator combinations: * name: `=` * update_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `update_time = \"2019-06-10T16:07:18-07:00\"` `update_time = 1560208038000` * create_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `create_time = \"2019-06-10T16:07:18-07:00\"` `create_time = 1560208038000` * iam_policy.policy_blob: `=`, `:` * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` * security_marks.marks: `=`, `:` * security_center_properties.resource_name: `=`, `:` * security_center_properties.resource_display_name: `=`, `:` * security_center_properties.resource_type: `=`, `:` * security_center_properties.resource_parent: `=`, `:` * security_center_properties.resource_parent_display_name: `=`, `:` * security_center_properties.resource_project: `=`, `:` * security_center_properties.resource_project_display_name: `=`, `:` * security_center_properties.resource_owners: `=`, `:` For example, `resource_properties.size = 100` is a valid filter string. Use a partial match on the empty string to filter based on a property existing: `resource_properties.my_property : \"\"` Use a negated partial match on the empty string to filter based on a property not existing: `-resource_properties.my_property : \"\"`",
+                  "location": "query",
+                  "type": "string"
+                },
+                "orderBy": {
+                  "description": "Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: \"name,resource_properties.a_property\". The default sorting order is ascending. To specify descending order for a field, a suffix \" desc\" should be appended to the field name. For example: \"name desc,resource_properties.a_property\". Redundant space characters in the syntax are insignificant. \"name desc,resource_properties.a_property\" and \" name desc , resource_properties.a_property \" are equivalent. The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type",
+                  "location": "query",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "description": "The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.",
+                  "format": "int32",
+                  "location": "query",
+                  "type": "integer"
+                },
+                "pageToken": {
+                  "description": "The value returned by the last `ListAssetsResponse`; indicates that this is a continuation of a prior `ListAssets` call, and that the system should return the next page of data.",
+                  "location": "query",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. Name of the organization assets should belong to. Its format is \"organizations/[organization_id], folders/[folder_id], or projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+$",
+                  "required": true,
+                  "type": "string"
+                },
+                "readTime": {
+                  "description": "Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.",
+                  "format": "google-datetime",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+parent}/assets",
+              "response": {
+                "$ref": "ListAssetsResponse"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "updateSecurityMarks": {
+              "description": "Updates security marks.",
+              "flatPath": "v1/projects/{projectsId}/assets/{assetsId}/securityMarks",
+              "httpMethod": "PATCH",
+              "id": "securitycenter.projects.assets.updateSecurityMarks",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: \"organizations/{organization_id}/assets/{asset_id}/securityMarks\" \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+/assets/[^/]+/securityMarks$",
+                  "required": true,
+                  "type": "string"
+                },
+                "startTime": {
+                  "description": "The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.",
+                  "format": "google-datetime",
+                  "location": "query",
+                  "type": "string"
+                },
+                "updateMask": {
+                  "description": "The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to \"marks\", all marks will be replaced. Individual marks can be updated using \"marks.\".",
+                  "format": "google-fieldmask",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "request": {
+                "$ref": "SecurityMarks"
+              },
+              "response": {
+                "$ref": "SecurityMarks"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            }
+          }
+        },
+        "findings": {
           "methods": {
-            "group": {
-              "description": "Filters an organization's assets and groups them by their specified properties.",
-              "flatPath": "v1/projects/{projectsId}/assets:group",
+            "bulkMute": {
+              "description": "Kicks off an LRO to bulk mute findings for a parent based on a filter. The parent can be either an organization, folder or project. The findings matched by the filter will be muted after the LRO is done.",
+              "flatPath": "v1/projects/{projectsId}/findings:bulkMute",
               "httpMethod": "POST",
-              "id": "securitycenter.projects.assets.group",
+              "id": "securitycenter.projects.findings.bulkMute",
               "parameterOrder": [
                 "parent"
               ],
               "parameters": {
                 "parent": {
-                  "description": "Required. Name of the organization to groupBy. Its format is \"organizations/[organization_id], folders/[folder_id], or projects/[project_id]\".",
+                  "description": "Required. The parent, at which bulk action needs to be applied. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", \"projects/[project_id]\".",
                   "location": "path",
                   "pattern": "^projects/[^/]+$",
                   "required": true,
                   "type": "string"
                 }
               },
-              "path": "v1/{+parent}/assets:group",
+              "path": "v1/{+parent}/findings:bulkMute",
               "request": {
-                "$ref": "GroupAssetsRequest"
+                "$ref": "BulkMuteFindingsRequest"
               },
               "response": {
-                "$ref": "GroupAssetsResponse"
+                "$ref": "Operation"
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ]
-            },
-            "list": {
-              "description": "Lists an organization's assets.",
-              "flatPath": "v1/projects/{projectsId}/assets",
-              "httpMethod": "GET",
-              "id": "securitycenter.projects.assets.list",
+            }
+          }
+        },
+        "muteConfigs": {
+          "methods": {
+            "create": {
+              "description": "Creates a mute config.",
+              "flatPath": "v1/projects/{projectsId}/muteConfigs",
+              "httpMethod": "POST",
+              "id": "securitycenter.projects.muteConfigs.create",
               "parameterOrder": [
                 "parent"
               ],
               "parameters": {
-                "compareDuration": {
-                  "description": "When compare_duration is set, the ListAssetsResult's \"state_change\" attribute is updated to indicate whether the asset was added, removed, or remained present during the compare_duration period of time that precedes the read_time. This is the time between (read_time - compare_duration) and read_time. The state_change value is derived based on the presence of the asset at the two points in time. Intermediate state changes between the two times don't affect the result. For example, the results aren't affected if the asset is removed and re-created again. Possible \"state_change\" values when compare_duration is specified: * \"ADDED\": indicates that the asset was not present at the start of compare_duration, but present at read_time. * \"REMOVED\": indicates that the asset was present at the start of compare_duration, but not present at read_time. * \"ACTIVE\": indicates that the asset was present at both the start and the end of the time period defined by compare_duration and read_time. If compare_duration is not specified, then the only possible state_change is \"UNUSED\", which will be the state_change set for all assets present at read_time.",
-                  "format": "google-duration",
+                "muteConfigId": {
+                  "description": "Required. Unique identifier provided by the client within the parent scope. It must consist of lower case letters, numbers, and hyphen, with the first character a letter, the last a letter or a number, and a 63 character maximum.",
                   "location": "query",
                   "type": "string"
                 },
-                "fieldMask": {
-                  "description": "A field mask to specify the ListAssetsResult fields to be listed in the response. An empty field mask will list all fields.",
-                  "format": "google-fieldmask",
-                  "location": "query",
+                "parent": {
+                  "description": "Required. Resource name of the new mute configs's parent. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", or \"projects/[project_id]\".",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+$",
+                  "required": true,
                   "type": "string"
-                },
-                "filter": {
-                  "description": "Expression that defines the filter to apply across assets. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the Asset resource. Examples include: * name * security_center_properties.resource_name * resource_properties.a_property * security_marks.marks.marka The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes. The following are the allowed field and operator combinations: * name: `=` * update_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `update_time = \"2019-06-10T16:07:18-07:00\"` `update_time = 1560208038000` * create_time: `=`, `>`, `<`, `>=`, `<=` Usage: This should be milliseconds since epoch or an RFC3339 string. Examples: `create_time = \"2019-06-10T16:07:18-07:00\"` `create_time = 1560208038000` * iam_policy.policy_blob: `=`, `:` * resource_properties: `=`, `:`, `>`, `<`, `>=`, `<=` * security_marks.marks: `=`, `:` * security_center_properties.resource_name: `=`, `:` * security_center_properties.resource_display_name: `=`, `:` * security_center_properties.resource_type: `=`, `:` * security_center_properties.resource_parent: `=`, `:` * security_center_properties.resource_parent_display_name: `=`, `:` * security_center_properties.resource_project: `=`, `:` * security_center_properties.resource_project_display_name: `=`, `:` * security_center_properties.resource_owners: `=`, `:` For example, `resource_properties.size = 100` is a valid filter string. Use a partial match on the empty string to filter based on a property existing: `resource_properties.my_property : \"\"` Use a negated partial match on the empty string to filter based on a property not existing: `-resource_properties.my_property : \"\"`",
-                  "location": "query",
+                }
+              },
+              "path": "v1/{+parent}/muteConfigs",
+              "request": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "delete": {
+              "description": "Deletes an existing mute config.",
+              "flatPath": "v1/projects/{projectsId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "DELETE",
+              "id": "securitycenter.projects.muteConfigs.delete",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Name of the mute config to delete. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id}",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
                   "type": "string"
-                },
-                "orderBy": {
-                  "description": "Expression that defines what fields and order to use for sorting. The string value should follow SQL syntax: comma separated list of fields. For example: \"name,resource_properties.a_property\". The default sorting order is ascending. To specify descending order for a field, a suffix \" desc\" should be appended to the field name. For example: \"name desc,resource_properties.a_property\". Redundant space characters in the syntax are insignificant. \"name desc,resource_properties.a_property\" and \" name desc , resource_properties.a_property \" are equivalent. The following fields are supported: name update_time resource_properties security_marks.marks security_center_properties.resource_name security_center_properties.resource_display_name security_center_properties.resource_parent security_center_properties.resource_parent_display_name security_center_properties.resource_project security_center_properties.resource_project_display_name security_center_properties.resource_type",
-                  "location": "query",
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "Empty"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "get": {
+              "description": "Gets a mute config.",
+              "flatPath": "v1/projects/{projectsId}/muteConfigs/{muteConfigsId}",
+              "httpMethod": "GET",
+              "id": "securitycenter.projects.muteConfigs.get",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Name of the mute config to retrieve. Its format is organizations/{organization}/muteConfigs/{config_id}, folders/{folder}/muteConfigs/{config_id}, or projects/{project}/muteConfigs/{config_id}",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+/muteConfigs/[^/]+$",
+                  "required": true,
                   "type": "string"
-                },
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "list": {
+              "description": "Lists mute configs.",
+              "flatPath": "v1/projects/{projectsId}/muteConfigs",
+              "httpMethod": "GET",
+              "id": "securitycenter.projects.muteConfigs.list",
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
                 "pageSize": {
-                  "description": "The maximum number of results to return in a single response. Default is 10, minimum is 1, maximum is 1000.",
+                  "description": "The maximum number of configs to return. The service may return fewer than this value. If unspecified, at most 10 configs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.",
                   "format": "int32",
                   "location": "query",
                   "type": "integer"
                 },
                 "pageToken": {
-                  "description": "The value returned by the last `ListAssetsResponse`; indicates that this is a continuation of a prior `ListAssets` call, and that the system should return the next page of data.",
+                  "description": "A page token, received from a previous `ListMuteConfigs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMuteConfigs` must match the call that provided the page token.",
                   "location": "query",
                   "type": "string"
                 },
                 "parent": {
-                  "description": "Required. Name of the organization assets should belong to. Its format is \"organizations/[organization_id], folders/[folder_id], or projects/[project_id]\".",
+                  "description": "Required. The parent, which owns the collection of mute configs. Its format is \"organizations/[organization_id]\", \"folders/[folder_id]\", \"projects/[project_id]\".",
                   "location": "path",
                   "pattern": "^projects/[^/]+$",
                   "required": true,
                   "type": "string"
-                },
-                "readTime": {
-                  "description": "Time used as a reference point when filtering assets. The filter is limited to assets existing at the supplied time and their values are those at that specific time. Absence of this field will default to the API's version of NOW.",
-                  "format": "google-datetime",
-                  "location": "query",
-                  "type": "string"
                 }
               },
-              "path": "v1/{+parent}/assets",
+              "path": "v1/{+parent}/muteConfigs",
               "response": {
-                "$ref": "ListAssetsResponse"
+                "$ref": "ListMuteConfigsResponse"
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ]
             },
-            "updateSecurityMarks": {
-              "description": "Updates security marks.",
-              "flatPath": "v1/projects/{projectsId}/assets/{assetsId}/securityMarks",
+            "patch": {
+              "description": "Updates a mute config.",
+              "flatPath": "v1/projects/{projectsId}/muteConfigs/{muteConfigsId}",
               "httpMethod": "PATCH",
-              "id": "securitycenter.projects.assets.updateSecurityMarks",
+              "id": "securitycenter.projects.muteConfigs.patch",
               "parameterOrder": [
                 "name"
               ],
               "parameters": {
                 "name": {
-                  "description": "The relative resource name of the SecurityMarks. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Examples: \"organizations/{organization_id}/assets/{asset_id}/securityMarks\" \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}/securityMarks\".",
+                  "description": "This field will be ignored if provided on config creation. Format \"organizations/{organization}/muteConfigs/{mute_config}\" \"folders/{folder}/muteConfigs/{mute_config}\" \"projects/{project}/muteConfigs/{mute_config}\"",
                   "location": "path",
-                  "pattern": "^projects/[^/]+/assets/[^/]+/securityMarks$",
+                  "pattern": "^projects/[^/]+/muteConfigs/[^/]+$",
                   "required": true,
                   "type": "string"
                 },
-                "startTime": {
-                  "description": "The time at which the updated SecurityMarks take effect. If not set uses current server time. Updates will be applied to the SecurityMarks that are active immediately preceding this time.",
-                  "format": "google-datetime",
-                  "location": "query",
-                  "type": "string"
-                },
                 "updateMask": {
-                  "description": "The FieldMask to use when updating the security marks resource. The field mask must not contain duplicate fields. If empty or set to \"marks\", all marks will be replaced. Individual marks can be updated using \"marks.\".",
+                  "description": "The list of fields to be updated. If empty all mutable fields will be updated.",
                   "format": "google-fieldmask",
                   "location": "query",
                   "type": "string"
@@ -1562,10 +2265,10 @@
               },
               "path": "v1/{+name}",
               "request": {
-                "$ref": "SecurityMarks"
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
               },
               "response": {
-                "$ref": "SecurityMarks"
+                "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
@@ -1741,6 +2444,34 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 },
+                "setMute": {
+                  "description": "Updates the mute state of a finding.",
+                  "flatPath": "v1/projects/{projectsId}/sources/{sourcesId}/findings/{findingsId}:setMute",
+                  "httpMethod": "POST",
+                  "id": "securitycenter.projects.sources.findings.setMute",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The relative resource name of the finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: \"organizations/{organization_id}/sources/{source_id}/finding/{finding_id}\", \"folders/{folder_id}/sources/{source_id}/finding/{finding_id}\", \"projects/{project_id}/sources/{source_id}/finding/{finding_id}\".",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/sources/[^/]+/findings/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}:setMute",
+                  "request": {
+                    "$ref": "SetMuteRequest"
+                  },
+                  "response": {
+                    "$ref": "Finding"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
                 "setState": {
                   "description": "Updates the state of a finding.",
                   "flatPath": "v1/projects/{projectsId}/sources/{sourcesId}/findings/{findingsId}:setState",
@@ -1809,6 +2540,46 @@
                     "https://www.googleapis.com/auth/cloud-platform"
                   ]
                 }
+              },
+              "resources": {
+                "externalSystems": {
+                  "methods": {
+                    "patch": {
+                      "description": "Updates external system. This is for a given finding.",
+                      "flatPath": "v1/projects/{projectsId}/sources/{sourcesId}/findings/{findingsId}/externalSystems/{externalSystemsId}",
+                      "httpMethod": "PATCH",
+                      "id": "securitycenter.projects.sources.findings.externalSystems.patch",
+                      "parameterOrder": [
+                        "name"
+                      ],
+                      "parameters": {
+                        "name": {
+                          "description": "External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira",
+                          "location": "path",
+                          "pattern": "^projects/[^/]+/sources/[^/]+/findings/[^/]+/externalSystems/[^/]+$",
+                          "required": true,
+                          "type": "string"
+                        },
+                        "updateMask": {
+                          "description": "The FieldMask to use when updating the external system resource. If empty all mutable fields will be updated.",
+                          "format": "google-fieldmask",
+                          "location": "query",
+                          "type": "string"
+                        }
+                      },
+                      "path": "v1/{+name}",
+                      "request": {
+                        "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+                      },
+                      "response": {
+                        "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+                      },
+                      "scopes": [
+                        "https://www.googleapis.com/auth/cloud-platform"
+                      ]
+                    }
+                  }
+                }
               }
             }
           }
@@ -1816,7 +2587,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211112",
   "rootUrl": "https://securitycenter.googleapis.com/",
   "schemas": {
     "Asset": {
@@ -1968,6 +2739,21 @@
       },
       "type": "object"
     },
+    "BulkMuteFindingsRequest": {
+      "description": "Request message for bulk findings update. Note: 1. If multiple bulk update requests match the same resource, the order in which they get executed is not defined. 2. Once a bulk operation is started, there is no way to stop it.",
+      "id": "BulkMuteFindingsRequest",
+      "properties": {
+        "filter": {
+          "description": "Expression that identifies findings that should be updated. The expression is a list of zero or more restrictions combined via logical operators `AND` and `OR`. Parentheses are supported, and `OR` has higher precedence than `AND`. Restrictions have the form ` ` and may have a `-` character in front of them to indicate negation. The fields map to those defined in the corresponding resource. The supported operators are: * `=` for all value types. * `>`, `<`, `>=`, `<=` for integer values. * `:`, meaning substring matching, for strings. The supported value types are: * string literals in quotes. * integer literals without quotes. * boolean literals `true` and `false` without quotes.",
+          "type": "string"
+        },
+        "muteAnnotation": {
+          "description": "This can be a mute configuration name or any identifier for mute/unmute of findings based on the filter.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Cve": {
       "description": "CVE stands for Common Vulnerabilities and Exposures. More information: https://cve.mitre.org",
       "id": "Cve",
@@ -2177,6 +2963,14 @@
           "format": "google-datetime",
           "type": "string"
         },
+        "externalSystems": {
+          "additionalProperties": {
+            "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+          },
+          "description": "Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.",
+          "readOnly": true,
+          "type": "object"
+        },
         "externalUri": {
           "description": "The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.",
           "type": "string"
@@ -2205,6 +2999,32 @@
           "$ref": "Indicator",
           "description": "Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise"
         },
+        "mute": {
+          "description": "Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).",
+          "enum": [
+            "MUTE_UNSPECIFIED",
+            "MUTED",
+            "UNMUTED",
+            "UNDEFINED"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Finding has been muted.",
+            "Finding has been unmuted.",
+            "Finding has never been muted/unmuted."
+          ],
+          "type": "string"
+        },
+        "muteInitiator": {
+          "description": "First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.",
+          "type": "string"
+        },
+        "muteUpdateTime": {
+          "description": "Output only. The most recent time this finding was muted or unmuted.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
         "name": {
           "description": "The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
           "type": "string"
@@ -2306,6 +3126,77 @@
       },
       "type": "object"
     },
+    "GoogleCloudSecuritycenterV1ExternalSystem": {
+      "description": "Representation of third party SIEM/SOAR fields within SCC.",
+      "id": "GoogleCloudSecuritycenterV1ExternalSystem",
+      "properties": {
+        "assignees": {
+          "description": "References primary/secondary etc assignees in the external system.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "externalSystemUpdateTime": {
+          "description": "The most recent time when the corresponding finding's ticket/tracker was updated in the external system.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "externalUid": {
+          "description": "Identifier that's used to track the given finding in the external system.",
+          "type": "string"
+        },
+        "name": {
+          "description": "External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira",
+          "type": "string"
+        },
+        "status": {
+          "description": "Most recent status of the corresponding finding's ticket/tracker in the external system.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudSecuritycenterV1MuteConfig": {
+      "description": "A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.",
+      "id": "GoogleCloudSecuritycenterV1MuteConfig",
+      "properties": {
+        "createTime": {
+          "description": "Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "description": {
+          "description": "A description of the mute config.",
+          "type": "string"
+        },
+        "displayName": {
+          "description": "The human readable name to be displayed for the mute config.",
+          "type": "string"
+        },
+        "filter": {
+          "description": "Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`",
+          "type": "string"
+        },
+        "mostRecentEditor": {
+          "description": "Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "name": {
+          "description": "This field will be ignored if provided on config creation. Format \"organizations/{organization}/muteConfigs/{mute_config}\" \"folders/{folder}/muteConfigs/{mute_config}\" \"projects/{project}/muteConfigs/{mute_config}\"",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudSecuritycenterV1NotificationMessage": {
       "description": "Cloud SCC's Notification",
       "id": "GoogleCloudSecuritycenterV1NotificationMessage",
@@ -2920,6 +3811,24 @@
       },
       "type": "object"
     },
+    "ListMuteConfigsResponse": {
+      "description": "Response message for listing mute configs.",
+      "id": "ListMuteConfigsResponse",
+      "properties": {
+        "muteConfigs": {
+          "description": "The mute configs from the specified parent.",
+          "items": {
+            "$ref": "GoogleCloudSecuritycenterV1MuteConfig"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "ListNotificationConfigsResponse": {
       "description": "Response message for listing notification configs.",
       "id": "ListNotificationConfigsResponse",
@@ -3263,6 +4172,29 @@
       },
       "type": "object"
     },
+    "SetMuteRequest": {
+      "description": "Request message for updating a finding's mute status.",
+      "id": "SetMuteRequest",
+      "properties": {
+        "mute": {
+          "description": "Required. The desired state of the Mute.",
+          "enum": [
+            "MUTE_UNSPECIFIED",
+            "MUTED",
+            "UNMUTED",
+            "UNDEFINED"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Finding has been muted.",
+            "Finding has been unmuted.",
+            "Finding has never been muted/unmuted."
+          ],
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Source": {
       "description": "Security Command Center finding source. A finding source is an entity or a mechanism that can produce a finding. A source is like a container of findings that come from the same scanner, logger, monitor, and other tools.",
       "id": "Source",
diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json
index 078a0e053da..017b9588ec8 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta1.json
@@ -896,7 +896,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211112",
   "rootUrl": "https://securitycenter.googleapis.com/",
   "schemas": {
     "Asset": {
@@ -1248,6 +1248,14 @@
           "format": "google-datetime",
           "type": "string"
         },
+        "externalSystems": {
+          "additionalProperties": {
+            "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+          },
+          "description": "Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.",
+          "readOnly": true,
+          "type": "object"
+        },
         "externalUri": {
           "description": "The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.",
           "type": "string"
@@ -1276,6 +1284,32 @@
           "$ref": "Indicator",
           "description": "Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise"
         },
+        "mute": {
+          "description": "Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).",
+          "enum": [
+            "MUTE_UNSPECIFIED",
+            "MUTED",
+            "UNMUTED",
+            "UNDEFINED"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Finding has been muted.",
+            "Finding has been unmuted.",
+            "Finding has never been muted/unmuted."
+          ],
+          "type": "string"
+        },
+        "muteInitiator": {
+          "description": "First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.",
+          "type": "string"
+        },
+        "muteUpdateTime": {
+          "description": "Output only. The most recent time this finding was muted or unmuted.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
         "name": {
           "description": "The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
           "type": "string"
@@ -1377,6 +1411,77 @@
       },
       "type": "object"
     },
+    "GoogleCloudSecuritycenterV1ExternalSystem": {
+      "description": "Representation of third party SIEM/SOAR fields within SCC.",
+      "id": "GoogleCloudSecuritycenterV1ExternalSystem",
+      "properties": {
+        "assignees": {
+          "description": "References primary/secondary etc assignees in the external system.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "externalSystemUpdateTime": {
+          "description": "The most recent time when the corresponding finding's ticket/tracker was updated in the external system.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "externalUid": {
+          "description": "Identifier that's used to track the given finding in the external system.",
+          "type": "string"
+        },
+        "name": {
+          "description": "External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira",
+          "type": "string"
+        },
+        "status": {
+          "description": "Most recent status of the corresponding finding's ticket/tracker in the external system.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudSecuritycenterV1MuteConfig": {
+      "description": "A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.",
+      "id": "GoogleCloudSecuritycenterV1MuteConfig",
+      "properties": {
+        "createTime": {
+          "description": "Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "description": {
+          "description": "A description of the mute config.",
+          "type": "string"
+        },
+        "displayName": {
+          "description": "The human readable name to be displayed for the mute config.",
+          "type": "string"
+        },
+        "filter": {
+          "description": "Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`",
+          "type": "string"
+        },
+        "mostRecentEditor": {
+          "description": "Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "name": {
+          "description": "This field will be ignored if provided on config creation. Format \"organizations/{organization}/muteConfigs/{mute_config}\" \"folders/{folder}/muteConfigs/{mute_config}\" \"projects/{project}/muteConfigs/{mute_config}\"",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudSecuritycenterV1NotificationMessage": {
       "description": "Cloud SCC's Notification",
       "id": "GoogleCloudSecuritycenterV1NotificationMessage",
diff --git a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
index dadaf76f392..d66feb79cd5 100644
--- a/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/securitycenter.v1beta2.json
@@ -1328,7 +1328,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211112",
   "rootUrl": "https://securitycenter.googleapis.com/",
   "schemas": {
     "Config": {
@@ -1662,6 +1662,14 @@
           "format": "google-datetime",
           "type": "string"
         },
+        "externalSystems": {
+          "additionalProperties": {
+            "$ref": "GoogleCloudSecuritycenterV1ExternalSystem"
+          },
+          "description": "Output only. Third party SIEM/SOAR fields within SCC, contains external system information and external system finding fields.",
+          "readOnly": true,
+          "type": "object"
+        },
         "externalUri": {
           "description": "The URI that, if available, points to a web page outside of Security Command Center where additional information about the finding can be found. This field is guaranteed to be either empty or a well formed URL.",
           "type": "string"
@@ -1690,6 +1698,32 @@
           "$ref": "Indicator",
           "description": "Represents what's commonly known as an Indicator of compromise (IoC) in computer forensics. This is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise"
         },
+        "mute": {
+          "description": "Indicates the mute state of a finding (either unspecified, muted, unmuted or undefined).",
+          "enum": [
+            "MUTE_UNSPECIFIED",
+            "MUTED",
+            "UNMUTED",
+            "UNDEFINED"
+          ],
+          "enumDescriptions": [
+            "Unspecified.",
+            "Finding has been muted.",
+            "Finding has been unmuted.",
+            "Finding has never been muted/unmuted."
+          ],
+          "type": "string"
+        },
+        "muteInitiator": {
+          "description": "First known as mute_annotation. Records additional information about the mute operation e.g. mute config that muted the finding, user who muted the finding, etc.",
+          "type": "string"
+        },
+        "muteUpdateTime": {
+          "description": "Output only. The most recent time this finding was muted or unmuted.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
         "name": {
           "description": "The relative resource name of this finding. See: https://cloud.google.com/apis/design/resource_names#relative_resource_name Example: \"organizations/{organization_id}/sources/{source_id}/findings/{finding_id}\"",
           "type": "string"
@@ -1768,6 +1802,77 @@
       },
       "type": "object"
     },
+    "GoogleCloudSecuritycenterV1ExternalSystem": {
+      "description": "Representation of third party SIEM/SOAR fields within SCC.",
+      "id": "GoogleCloudSecuritycenterV1ExternalSystem",
+      "properties": {
+        "assignees": {
+          "description": "References primary/secondary etc assignees in the external system.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "externalSystemUpdateTime": {
+          "description": "The most recent time when the corresponding finding's ticket/tracker was updated in the external system.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "externalUid": {
+          "description": "Identifier that's used to track the given finding in the external system.",
+          "type": "string"
+        },
+        "name": {
+          "description": "External System Name e.g. jira, demisto, etc. e.g.: organizations/1234/sources/5678/findings/123456/externalSystems/jira folders/1234/sources/5678/findings/123456/externalSystems/jira projects/1234/sources/5678/findings/123456/externalSystems/jira",
+          "type": "string"
+        },
+        "status": {
+          "description": "Most recent status of the corresponding finding's ticket/tracker in the external system.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "GoogleCloudSecuritycenterV1MuteConfig": {
+      "description": "A mute config is a Cloud SCC resource that contains the configuration to mute create/update events of findings.",
+      "id": "GoogleCloudSecuritycenterV1MuteConfig",
+      "properties": {
+        "createTime": {
+          "description": "Output only. The time at which the mute config was created. This field is set by the server and will be ignored if provided on config creation.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        },
+        "description": {
+          "description": "A description of the mute config.",
+          "type": "string"
+        },
+        "displayName": {
+          "description": "The human readable name to be displayed for the mute config.",
+          "type": "string"
+        },
+        "filter": {
+          "description": "Required. An expression that defines the filter to apply across create/update events of findings. While creating a filter string, be mindful of the scope in which the mute configuration is being created. E.g., If a filter contains project = X but is created under the project = Y scope, it might not match any findings. The following field and operator combinations are supported: * severity: `=`, `:` * category: `=`, `:` * resource.name: `=`, `:` * resource.project_name: `=`, `:` * resource.project_display_name: `=`, `:` * resource.folders.resource_folder: `=`, `:` * resource.parent_name: `=`, `:` * resource.parent_display_name: `=`, `:` * resource.type: `=`, `:` * finding_class: `=`, `:` * indicator.ip_addresses: `=`, `:` * indicator.domains: `=`, `:`",
+          "type": "string"
+        },
+        "mostRecentEditor": {
+          "description": "Output only. Email address of the user who last edited the mute config. This field is set by the server and will be ignored if provided on config creation or update.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "name": {
+          "description": "This field will be ignored if provided on config creation. Format \"organizations/{organization}/muteConfigs/{mute_config}\" \"folders/{folder}/muteConfigs/{mute_config}\" \"projects/{project}/muteConfigs/{mute_config}\"",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. The most recent time at which the mute config was updated. This field is set by the server and will be ignored if provided on config creation or update.",
+          "format": "google-datetime",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "GoogleCloudSecuritycenterV1NotificationMessage": {
       "description": "Cloud SCC's Notification",
       "id": "GoogleCloudSecuritycenterV1NotificationMessage",
diff --git a/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1.json b/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1.json
index 60c0a750b53..b48098333af 100644
--- a/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1.json
+++ b/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1.json
@@ -542,7 +542,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://serviceconsumermanagement.googleapis.com/",
   "schemas": {
     "AddTenantProjectRequest": {
diff --git a/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1beta1.json b/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1beta1.json
index 73bd6a2d246..eac96f0c51e 100644
--- a/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/serviceconsumermanagement.v1beta1.json
@@ -500,7 +500,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://serviceconsumermanagement.googleapis.com/",
   "schemas": {
     "Api": {
diff --git a/googleapiclient/discovery_cache/documents/servicecontrol.v1.json b/googleapiclient/discovery_cache/documents/servicecontrol.v1.json
index 43a0ac4c256..2b1425aef95 100644
--- a/googleapiclient/discovery_cache/documents/servicecontrol.v1.json
+++ b/googleapiclient/discovery_cache/documents/servicecontrol.v1.json
@@ -197,7 +197,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211029",
   "rootUrl": "https://servicecontrol.googleapis.com/",
   "schemas": {
     "AllocateInfo": {
diff --git a/googleapiclient/discovery_cache/documents/servicecontrol.v2.json b/googleapiclient/discovery_cache/documents/servicecontrol.v2.json
index 6fad75727ba..62d272ce9bc 100644
--- a/googleapiclient/discovery_cache/documents/servicecontrol.v2.json
+++ b/googleapiclient/discovery_cache/documents/servicecontrol.v2.json
@@ -169,7 +169,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211029",
   "rootUrl": "https://servicecontrol.googleapis.com/",
   "schemas": {
     "Api": {
diff --git a/googleapiclient/discovery_cache/documents/servicedirectory.v1.json b/googleapiclient/discovery_cache/documents/servicedirectory.v1.json
index cae44dff380..b4438b467c5 100644
--- a/googleapiclient/discovery_cache/documents/servicedirectory.v1.json
+++ b/googleapiclient/discovery_cache/documents/servicedirectory.v1.json
@@ -883,7 +883,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://servicedirectory.googleapis.com/",
   "schemas": {
     "Binding": {
@@ -980,7 +980,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
diff --git a/googleapiclient/discovery_cache/documents/servicedirectory.v1beta1.json b/googleapiclient/discovery_cache/documents/servicedirectory.v1beta1.json
index 22ea11cae2c..9ccaf593879 100644
--- a/googleapiclient/discovery_cache/documents/servicedirectory.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/servicedirectory.v1beta1.json
@@ -883,7 +883,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://servicedirectory.googleapis.com/",
   "schemas": {
     "Binding": {
@@ -996,7 +996,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
diff --git a/googleapiclient/discovery_cache/documents/servicemanagement.v1.json b/googleapiclient/discovery_cache/documents/servicemanagement.v1.json
index 16dd3b8c98c..0cff75570cd 100644
--- a/googleapiclient/discovery_cache/documents/servicemanagement.v1.json
+++ b/googleapiclient/discovery_cache/documents/servicemanagement.v1.json
@@ -829,7 +829,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://servicemanagement.googleapis.com/",
   "schemas": {
     "Advice": {
@@ -1783,7 +1783,7 @@
       "id": "GetPolicyOptions",
       "properties": {
         "requestedPolicyVersion": {
-          "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
           "format": "int32",
           "type": "integer"
         }
diff --git a/googleapiclient/discovery_cache/documents/servicenetworking.v1.json b/googleapiclient/discovery_cache/documents/servicenetworking.v1.json
index 65638caf1c0..434ace352ad 100644
--- a/googleapiclient/discovery_cache/documents/servicenetworking.v1.json
+++ b/googleapiclient/discovery_cache/documents/servicenetworking.v1.json
@@ -860,7 +860,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211112",
   "rootUrl": "https://servicenetworking.googleapis.com/",
   "schemas": {
     "AddDnsRecordSetMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/servicenetworking.v1beta.json b/googleapiclient/discovery_cache/documents/servicenetworking.v1beta.json
index 869d9153d03..3335da91388 100644
--- a/googleapiclient/discovery_cache/documents/servicenetworking.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/servicenetworking.v1beta.json
@@ -307,7 +307,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211112",
   "rootUrl": "https://servicenetworking.googleapis.com/",
   "schemas": {
     "AddDnsRecordSetMetadata": {
diff --git a/googleapiclient/discovery_cache/documents/serviceusage.v1.json b/googleapiclient/discovery_cache/documents/serviceusage.v1.json
index f4116137017..898f8ffb2c2 100644
--- a/googleapiclient/discovery_cache/documents/serviceusage.v1.json
+++ b/googleapiclient/discovery_cache/documents/serviceusage.v1.json
@@ -426,7 +426,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://serviceusage.googleapis.com/",
   "schemas": {
     "AdminQuotaPolicy": {
diff --git a/googleapiclient/discovery_cache/documents/serviceusage.v1beta1.json b/googleapiclient/discovery_cache/documents/serviceusage.v1beta1.json
index 51180ded87d..f8e7d5d158e 100644
--- a/googleapiclient/discovery_cache/documents/serviceusage.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/serviceusage.v1beta1.json
@@ -959,7 +959,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://serviceusage.googleapis.com/",
   "schemas": {
     "AdminQuotaPolicy": {
diff --git a/googleapiclient/discovery_cache/documents/sheets.v4.json b/googleapiclient/discovery_cache/documents/sheets.v4.json
index 6f03d360e44..8e9d4436659 100644
--- a/googleapiclient/discovery_cache/documents/sheets.v4.json
+++ b/googleapiclient/discovery_cache/documents/sheets.v4.json
@@ -870,7 +870,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211108",
   "rootUrl": "https://sheets.googleapis.com/",
   "schemas": {
     "AddBandingRequest": {
diff --git a/googleapiclient/discovery_cache/documents/slides.v1.json b/googleapiclient/discovery_cache/documents/slides.v1.json
index 4de06cc6636..a3386b0d7d7 100644
--- a/googleapiclient/discovery_cache/documents/slides.v1.json
+++ b/googleapiclient/discovery_cache/documents/slides.v1.json
@@ -313,7 +313,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211108",
   "rootUrl": "https://slides.googleapis.com/",
   "schemas": {
     "AffineTransform": {
diff --git a/googleapiclient/discovery_cache/documents/smartdevicemanagement.v1.json b/googleapiclient/discovery_cache/documents/smartdevicemanagement.v1.json
index cabd8c79a04..9de232923c1 100644
--- a/googleapiclient/discovery_cache/documents/smartdevicemanagement.v1.json
+++ b/googleapiclient/discovery_cache/documents/smartdevicemanagement.v1.json
@@ -355,7 +355,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211105",
   "rootUrl": "https://smartdevicemanagement.googleapis.com/",
   "schemas": {
     "GoogleHomeEnterpriseSdmV1Device": {
diff --git a/googleapiclient/discovery_cache/documents/speech.v1.json b/googleapiclient/discovery_cache/documents/speech.v1.json
index 5e0f8b82001..f7f183cedd6 100644
--- a/googleapiclient/discovery_cache/documents/speech.v1.json
+++ b/googleapiclient/discovery_cache/documents/speech.v1.json
@@ -171,6 +171,318 @@
         }
       }
     },
+    "projects": {
+      "resources": {
+        "locations": {
+          "resources": {
+            "customClasses": {
+              "methods": {
+                "create": {
+                  "description": "Create a custom class.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customClasses",
+                  "httpMethod": "POST",
+                  "id": "speech.projects.locations.customClasses.create",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "parent": {
+                      "description": "Required. The parent resource where this custom class will be created. Format: {api_version}/projects/{project}/locations/{location}/customClasses",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/customClasses",
+                  "request": {
+                    "$ref": "CreateCustomClassRequest"
+                  },
+                  "response": {
+                    "$ref": "CustomClass"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "delete": {
+                  "description": "Delete a custom class.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customClasses/{customClassesId}",
+                  "httpMethod": "DELETE",
+                  "id": "speech.projects.locations.customClasses.delete",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The name of the custom class to delete. Format: {api_version}/projects/{project}/locations/{location}/customClasses/{custom_class}",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/customClasses/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "Empty"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "get": {
+                  "description": "Get a custom class.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customClasses/{customClassesId}",
+                  "httpMethod": "GET",
+                  "id": "speech.projects.locations.customClasses.get",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The name of the custom class to retrieve. Format: {api_version}/projects/{project}/locations/{location}/customClasses/{custom_class}",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/customClasses/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "CustomClass"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "list": {
+                  "description": "List custom classes.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customClasses",
+                  "httpMethod": "GET",
+                  "id": "speech.projects.locations.customClasses.list",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "pageSize": {
+                      "description": "The maximum number of custom classes to return. The service may return fewer than this value. If unspecified, at most 50 custom classes will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.",
+                      "format": "int32",
+                      "location": "query",
+                      "type": "integer"
+                    },
+                    "pageToken": {
+                      "description": "A page token, received from a previous `ListCustomClass` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCustomClass` must match the call that provided the page token.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "parent": {
+                      "description": "Required. The parent, which owns this collection of custom classes. Format: {api_version}/projects/{project}/locations/{location}/customClasses",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/customClasses",
+                  "response": {
+                    "$ref": "ListCustomClassesResponse"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "patch": {
+                  "description": "Update a custom class.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/customClasses/{customClassesId}",
+                  "httpMethod": "PATCH",
+                  "id": "speech.projects.locations.customClasses.patch",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "The resource name of the custom class.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/customClasses/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "updateMask": {
+                      "description": "The list of fields to be updated.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "request": {
+                    "$ref": "CustomClass"
+                  },
+                  "response": {
+                    "$ref": "CustomClass"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              }
+            },
+            "phraseSets": {
+              "methods": {
+                "create": {
+                  "description": "Create a set of phrase hints. Each item in the set can be a single word or a multi-word phrase. The items in the PhraseSet are favored by the recognition model when you send a call that includes the PhraseSet.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/phraseSets",
+                  "httpMethod": "POST",
+                  "id": "speech.projects.locations.phraseSets.create",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "parent": {
+                      "description": "Required. The parent resource where this phrase set will be created. Format: {api_version}/projects/{project}/locations/{location}/phraseSets",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/phraseSets",
+                  "request": {
+                    "$ref": "CreatePhraseSetRequest"
+                  },
+                  "response": {
+                    "$ref": "PhraseSet"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "delete": {
+                  "description": "Delete a phrase set.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/phraseSets/{phraseSetsId}",
+                  "httpMethod": "DELETE",
+                  "id": "speech.projects.locations.phraseSets.delete",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The name of the phrase set to delete. Format: {api_version}/projects/{project}/locations/{location}/phraseSets/{phrase_set}",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/phraseSets/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "Empty"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "get": {
+                  "description": "Get a phrase set.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/phraseSets/{phraseSetsId}",
+                  "httpMethod": "GET",
+                  "id": "speech.projects.locations.phraseSets.get",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "Required. The name of the phrase set to retrieve. Format: {api_version}/projects/{project}/locations/{location}/phraseSets/{phrase_set}",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/phraseSets/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "response": {
+                    "$ref": "PhraseSet"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "list": {
+                  "description": "List phrase sets.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/phraseSets",
+                  "httpMethod": "GET",
+                  "id": "speech.projects.locations.phraseSets.list",
+                  "parameterOrder": [
+                    "parent"
+                  ],
+                  "parameters": {
+                    "pageSize": {
+                      "description": "The maximum number of phrase sets to return. The service may return fewer than this value. If unspecified, at most 50 phrase sets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.",
+                      "format": "int32",
+                      "location": "query",
+                      "type": "integer"
+                    },
+                    "pageToken": {
+                      "description": "A page token, received from a previous `ListPhraseSet` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListPhraseSet` must match the call that provided the page token.",
+                      "location": "query",
+                      "type": "string"
+                    },
+                    "parent": {
+                      "description": "Required. The parent, which owns this collection of phrase set. Format: projects/{project}/locations/{location}",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+parent}/phraseSets",
+                  "response": {
+                    "$ref": "ListPhraseSetResponse"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                },
+                "patch": {
+                  "description": "Update a phrase set.",
+                  "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/phraseSets/{phraseSetsId}",
+                  "httpMethod": "PATCH",
+                  "id": "speech.projects.locations.phraseSets.patch",
+                  "parameterOrder": [
+                    "name"
+                  ],
+                  "parameters": {
+                    "name": {
+                      "description": "The resource name of the phrase set.",
+                      "location": "path",
+                      "pattern": "^projects/[^/]+/locations/[^/]+/phraseSets/[^/]+$",
+                      "required": true,
+                      "type": "string"
+                    },
+                    "updateMask": {
+                      "description": "The list of fields to be updated.",
+                      "format": "google-fieldmask",
+                      "location": "query",
+                      "type": "string"
+                    }
+                  },
+                  "path": "v1/{+name}",
+                  "request": {
+                    "$ref": "PhraseSet"
+                  },
+                  "response": {
+                    "$ref": "PhraseSet"
+                  },
+                  "scopes": [
+                    "https://www.googleapis.com/auth/cloud-platform"
+                  ]
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "speech": {
       "methods": {
         "longrunningrecognize": {
@@ -212,9 +524,96 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://speech.googleapis.com/",
   "schemas": {
+    "ClassItem": {
+      "description": "An item of the class.",
+      "id": "ClassItem",
+      "properties": {
+        "value": {
+          "description": "The class item's value.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CreateCustomClassRequest": {
+      "description": "Message sent by the client for the `CreateCustomClass` method.",
+      "id": "CreateCustomClassRequest",
+      "properties": {
+        "customClass": {
+          "$ref": "CustomClass",
+          "description": "Required. The custom class to create."
+        },
+        "customClassId": {
+          "description": "Required. The ID to use for the custom class, which will become the final component of the custom class' resource name. This value should be 4-63 characters, and valid characters are /a-z-/.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CreatePhraseSetRequest": {
+      "description": "Message sent by the client for the `CreatePhraseSet` method.",
+      "id": "CreatePhraseSetRequest",
+      "properties": {
+        "phraseSet": {
+          "$ref": "PhraseSet",
+          "description": "Required. The phrase set to create."
+        },
+        "phraseSetId": {
+          "description": "Required. The ID to use for the phrase set, which will become the final component of the phrase set's resource name. This value should be 4-63 characters, and valid characters are /a-z-/.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CustomClass": {
+      "description": "A set of words or phrases that represents a common concept likely to appear in your audio, for example a list of passenger ship names. CustomClass items can be substituted into placeholders that you set in PhraseSet phrases.",
+      "id": "CustomClass",
+      "properties": {
+        "customClassId": {
+          "description": "If this custom class is a resource, the custom_class_id is the resource id of the CustomClass. Case sensitive.",
+          "type": "string"
+        },
+        "items": {
+          "description": "A collection of class items.",
+          "items": {
+            "$ref": "ClassItem"
+          },
+          "type": "array"
+        },
+        "name": {
+          "description": "The resource name of the custom class.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "Empty": {
+      "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
+      "id": "Empty",
+      "properties": {},
+      "type": "object"
+    },
+    "ListCustomClassesResponse": {
+      "description": "Message returned to the client by the `ListCustomClasses` method.",
+      "id": "ListCustomClassesResponse",
+      "properties": {
+        "customClasses": {
+          "description": "The custom classes.",
+          "items": {
+            "$ref": "CustomClass"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "ListOperationsResponse": {
       "description": "The response message for Operations.ListOperations.",
       "id": "ListOperationsResponse",
@@ -233,6 +632,24 @@
       },
       "type": "object"
     },
+    "ListPhraseSetResponse": {
+      "description": "Message returned to the client by the `ListPhraseSet` method.",
+      "id": "ListPhraseSetResponse",
+      "properties": {
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        },
+        "phraseSets": {
+          "description": "The phrase set.",
+          "items": {
+            "$ref": "PhraseSet"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "LongRunningRecognizeMetadata": {
       "description": "Describes the progress of a long-running `LongRunningRecognize` call. It is included in the `metadata` field of the `Operation` returned by the `GetOperation` call of the `google::longrunning::Operations` service.",
       "id": "LongRunningRecognizeMetadata",
@@ -341,6 +758,45 @@
       },
       "type": "object"
     },
+    "Phrase": {
+      "description": "A phrases containing words and phrase \"hints\" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also include pre-built or custom classes containing groups of words that represent common concepts that occur in natural language. For example, rather than providing a phrase hint for every month of the year (e.g. \"i was born in january\", \"i was born in febuary\", ...), use the pre-built `$MONTH` class improves the likelihood of correctly transcribing audio that includes months (e.g. \"i was born in $month\"). To refer to pre-built classes, use the class' symbol prepended with `$` e.g. `$MONTH`. To refer to custom classes that were defined inline in the request, set the class's `custom_class_id` to a string unique to all class resources and inline classes. Then use the class' id wrapped in $`{...}` e.g. \"${my-months}\". To refer to custom classes resources, use the class' id wrapped in `${}` (e.g. `${my-months}`).",
+      "id": "Phrase",
+      "properties": {
+        "boost": {
+          "description": "Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.",
+          "format": "float",
+          "type": "number"
+        },
+        "value": {
+          "description": "The phrase itself.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PhraseSet": {
+      "description": "Provides \"hints\" to the speech recognizer to favor specific words and phrases in the results.",
+      "id": "PhraseSet",
+      "properties": {
+        "boost": {
+          "description": "Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 (exclusive) and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.",
+          "format": "float",
+          "type": "number"
+        },
+        "name": {
+          "description": "The resource name of the phrase set.",
+          "type": "string"
+        },
+        "phrases": {
+          "description": "A list of word and phrases.",
+          "items": {
+            "$ref": "Phrase"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "RecognitionAudio": {
       "description": "Contains audio data in the encoding specified in the `RecognitionConfig`. Either `content` or `uri` must be supplied. Supplying both or neither returns google.rpc.Code.INVALID_ARGUMENT. See [content limits](https://cloud.google.com/speech-to-text/quotas#content).",
       "id": "RecognitionAudio",
@@ -361,6 +817,10 @@
       "description": "Provides information to the recognizer that specifies how to process the request.",
       "id": "RecognitionConfig",
       "properties": {
+        "adaptation": {
+          "$ref": "SpeechAdaptation",
+          "description": "Speech adaptation configuration improves the accuracy of speech recognition. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation. When speech adaptation is set it supersedes the `speech_contexts` field."
+        },
         "alternativeLanguageCodes": {
           "description": "A list of up to 3 additional [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tags, listing possible alternative languages of the supplied audio. See [Language Support](https://cloud.google.com/speech-to-text/docs/languages) for a list of the currently supported language codes. If alternative languages are listed, recognition result will contain recognition in the most likely language detected including the main language_code. The recognition result will include the language tag of the language detected in the audio. Note: This feature is only supported for Voice Command and Voice Search use cases and performance may vary for other use cases (e.g., phone call transcription).",
           "items": {
@@ -423,7 +883,7 @@
             "Adaptive Multi-Rate Wideband codec. `sample_rate_hertz` must be 16000.",
             "Opus encoded audio frames in Ogg container ([OggOpus](https://wiki.xiph.org/OggOpus)). `sample_rate_hertz` must be one of 8000, 12000, 16000, 24000, or 48000.",
             "Although the use of lossy encodings is not recommended, if a very low bitrate encoding is required, `OGG_OPUS` is highly preferred over Speex encoding. The [Speex](https://speex.org/) encoding supported by Cloud Speech API has a header byte in each block, as in MIME type `audio/x-speex-with-header-byte`. It is a variant of the RTP Speex encoding defined in [RFC 5574](https://tools.ietf.org/html/rfc5574). The stream is a sequence of blocks, one block per RTP packet. Each block starts with a byte containing the length of the block, in bytes, followed by one or more frames of Speex data, padded to an integral number of bytes (octets) as specified in RFC 5574. In other words, each RTP header is replaced with a single byte containing the block length. Only Speex wideband is supported. `sample_rate_hertz` must be 16000.",
-            "Opus encoded audio frames in WebM container ([OggOpus](https://wiki.xiph.org/OggOpus)). This is a Beta features and only available in v1p1beta1. `sample_rate_hertz` must be one of 8000, 12000, 16000, 24000, or 48000."
+            "Opus encoded audio frames in WebM container ([OggOpus](https://wiki.xiph.org/OggOpus)). `sample_rate_hertz` must be one of 8000, 12000, 16000, 24000, or 48000."
           ],
           "type": "string"
         },
@@ -630,10 +1090,43 @@
       },
       "type": "object"
     },
+    "SpeechAdaptation": {
+      "description": "Speech adaptation configuration.",
+      "id": "SpeechAdaptation",
+      "properties": {
+        "customClasses": {
+          "description": "A collection of custom classes. To specify the classes inline, leave the class' `name` blank and fill in the rest of its fields, giving it a unique `custom_class_id`. Refer to the inline defined class in phrase hints by its `custom_class_id`.",
+          "items": {
+            "$ref": "CustomClass"
+          },
+          "type": "array"
+        },
+        "phraseSetReferences": {
+          "description": "A collection of phrase set resource names to use.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "phraseSets": {
+          "description": "A collection of phrase sets. To specify the hints inline, leave the phrase set's `name` blank and fill in the rest of its fields. Any phrase set can use any custom class.",
+          "items": {
+            "$ref": "PhraseSet"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
     "SpeechContext": {
       "description": "Provides \"hints\" to the speech recognizer to favor specific words and phrases in the results.",
       "id": "SpeechContext",
       "properties": {
+        "boost": {
+          "description": "Hint Boost. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case.",
+          "format": "float",
+          "type": "number"
+        },
         "phrases": {
           "description": "A list of strings containing words and phrases \"hints\" so that the speech recognition is more likely to recognize them. This can be used to improve the accuracy for specific words and phrases, for example, if specific commands are typically spoken by the user. This can also be used to add additional words to the vocabulary of the recognizer. See [usage limits](https://cloud.google.com/speech-to-text/quotas#content). List items can also be set to classes for groups of words that represent common concepts that occur in natural language. For example, rather than providing phrase hints for every month of the year, using the $MONTH class improves the likelihood of correctly transcribing audio that includes months.",
           "items": {
@@ -687,6 +1180,11 @@
           "description": "Output only. The [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag of the language in this result. This language code was detected to have the most likelihood of being spoken in the audio.",
           "readOnly": true,
           "type": "string"
+        },
+        "resultEndTime": {
+          "description": "Time offset of the end of this result relative to the beginning of the audio.",
+          "format": "google-duration",
+          "type": "string"
         }
       },
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/speech.v1p1beta1.json b/googleapiclient/discovery_cache/documents/speech.v1p1beta1.json
index df9c9498594..dccdc8df99b 100644
--- a/googleapiclient/discovery_cache/documents/speech.v1p1beta1.json
+++ b/googleapiclient/discovery_cache/documents/speech.v1p1beta1.json
@@ -524,7 +524,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://speech.googleapis.com/",
   "schemas": {
     "ClassItem": {
@@ -787,7 +787,7 @@
       "id": "Phrase",
       "properties": {
         "boost": {
-          "description": "Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost values would correspond to anti-biasing. Anti-biasing is not enabled, so negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.",
+          "description": "Hint Boost. Overrides the boost set at the phrase set level. Positive value will increase the probability that a specific phrase will be recognized over other similar sounding phrases. The higher the boost, the higher the chance of false positive recognition as well. Negative boost will simply be ignored. Though `boost` can accept a wide range of positive values, most use cases are best served with values between 0 and 20. We recommend using a binary search approach to finding the optimal value for your use case. Speech recognition will skip PhraseSets with a boost value of 0.",
           "format": "float",
           "type": "number"
         },
@@ -843,7 +843,7 @@
       "properties": {
         "adaptation": {
           "$ref": "SpeechAdaptation",
-          "description": "Speech adaptation configuration improves the accuracy of speech recognition. When speech adaptation is set it supersedes the `speech_contexts` field. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation."
+          "description": "Speech adaptation configuration improves the accuracy of speech recognition. For more information, see the [speech adaptation](https://cloud.google.com/speech-to-text/docs/adaptation) documentation. When speech adaptation is set it supersedes the `speech_contexts` field."
         },
         "alternativeLanguageCodes": {
           "description": "A list of up to 3 additional [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tags, listing possible alternative languages of the supplied audio. See [Language Support](https://cloud.google.com/speech-to-text/docs/languages) for a list of the currently supported language codes. If alternative languages are listed, recognition result will contain recognition in the most likely language detected including the main language_code. The recognition result will include the language tag of the language detected in the audio. Note: This feature is only supported for Voice Command and Voice Search use cases and performance may vary for other use cases (e.g., phone call transcription).",
@@ -918,7 +918,7 @@
             "Opus encoded audio frames in Ogg container ([OggOpus](https://wiki.xiph.org/OggOpus)). `sample_rate_hertz` must be one of 8000, 12000, 16000, 24000, or 48000.",
             "Although the use of lossy encodings is not recommended, if a very low bitrate encoding is required, `OGG_OPUS` is highly preferred over Speex encoding. The [Speex](https://speex.org/) encoding supported by Cloud Speech API has a header byte in each block, as in MIME type `audio/x-speex-with-header-byte`. It is a variant of the RTP Speex encoding defined in [RFC 5574](https://tools.ietf.org/html/rfc5574). The stream is a sequence of blocks, one block per RTP packet. Each block starts with a byte containing the length of the block, in bytes, followed by one or more frames of Speex data, padded to an integral number of bytes (octets) as specified in RFC 5574. In other words, each RTP header is replaced with a single byte containing the block length. Only Speex wideband is supported. `sample_rate_hertz` must be 16000.",
             "MP3 audio. MP3 encoding is a Beta feature and only available in v1p1beta1. Support all standard MP3 bitrates (which range from 32-320 kbps). When using this encoding, `sample_rate_hertz` has to match the sample rate of the file being used.",
-            "Opus encoded audio frames in WebM container ([OggOpus](https://wiki.xiph.org/OggOpus)). This is a Beta features and only available in v1p1beta1. `sample_rate_hertz` must be one of 8000, 12000, 16000, 24000, or 48000."
+            "Opus encoded audio frames in WebM container ([OggOpus](https://wiki.xiph.org/OggOpus)). `sample_rate_hertz` must be one of 8000, 12000, 16000, 24000, or 48000."
           ],
           "type": "string"
         },
@@ -1224,6 +1224,11 @@
           "description": "Output only. The [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag of the language in this result. This language code was detected to have the most likelihood of being spoken in the audio.",
           "readOnly": true,
           "type": "string"
+        },
+        "resultEndTime": {
+          "description": "Time offset of the end of this result relative to the beginning of the audio.",
+          "format": "google-duration",
+          "type": "string"
         }
       },
       "type": "object"
diff --git a/googleapiclient/discovery_cache/documents/speech.v2beta1.json b/googleapiclient/discovery_cache/documents/speech.v2beta1.json
index be279baadb5..eb3618ab0c7 100644
--- a/googleapiclient/discovery_cache/documents/speech.v2beta1.json
+++ b/googleapiclient/discovery_cache/documents/speech.v2beta1.json
@@ -184,7 +184,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://speech.googleapis.com/",
   "schemas": {
     "ListOperationsResponse": {
diff --git a/googleapiclient/discovery_cache/documents/sqladmin.v1.json b/googleapiclient/discovery_cache/documents/sqladmin.v1.json
index 34b9ec5a6d0..7a1bf1898a5 100644
--- a/googleapiclient/discovery_cache/documents/sqladmin.v1.json
+++ b/googleapiclient/discovery_cache/documents/sqladmin.v1.json
@@ -1877,7 +1877,7 @@
       }
     }
   },
-  "revision": "20211023",
+  "revision": "20211110",
   "rootUrl": "https://sqladmin.googleapis.com/",
   "schemas": {
     "AclEntry": {
@@ -2243,7 +2243,10 @@
             "POSTGRES_10",
             "POSTGRES_12",
             "MYSQL_8_0",
+            "MYSQL_8_0_18",
+            "MYSQL_8_0_26",
             "POSTGRES_13",
+            "POSTGRES_14",
             "SQLSERVER_2019_STANDARD",
             "SQLSERVER_2019_ENTERPRISE",
             "SQLSERVER_2019_EXPRESS",
@@ -2264,7 +2267,10 @@
             "The database version is PostgreSQL 10.",
             "The database version is PostgreSQL 12.",
             "The database version is MySQL 8.",
+            "The database major version is MySQL 8.0 and the minor version is 18.",
+            "The database major version is MySQL 8.0 and the minor version is 26.",
             "The database version is PostgreSQL 13.",
+            "The database version is PostgreSQL 14.",
             "The database version is SQL Server 2019 Standard.",
             "The database version is SQL Server 2019 Enterprise.",
             "The database version is SQL Server 2019 Express.",
@@ -2386,6 +2392,11 @@
           "format": "int64",
           "type": "string"
         },
+        "databaseInstalledVersion": {
+          "description": "Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50",
+          "readOnly": true,
+          "type": "string"
+        },
         "databaseVersion": {
           "description": "The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.",
           "enum": [
@@ -2403,7 +2414,10 @@
             "POSTGRES_10",
             "POSTGRES_12",
             "MYSQL_8_0",
+            "MYSQL_8_0_18",
+            "MYSQL_8_0_26",
             "POSTGRES_13",
+            "POSTGRES_14",
             "SQLSERVER_2019_STANDARD",
             "SQLSERVER_2019_ENTERPRISE",
             "SQLSERVER_2019_EXPRESS",
@@ -2424,7 +2438,10 @@
             "The database version is PostgreSQL 10.",
             "The database version is PostgreSQL 12.",
             "The database version is MySQL 8.",
+            "The database major version is MySQL 8.0 and the minor version is 18.",
+            "The database major version is MySQL 8.0 and the minor version is 26.",
             "The database version is PostgreSQL 13.",
+            "The database version is PostgreSQL 14.",
             "The database version is SQL Server 2019 Standard.",
             "The database version is SQL Server 2019 Enterprise.",
             "The database version is SQL Server 2019 Express.",
@@ -2463,7 +2480,7 @@
           "type": "string"
         },
         "instanceType": {
-          "description": "The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.",
+          "description": "The instance type.",
           "enum": [
             "SQL_INSTANCE_TYPE_UNSPECIFIED",
             "CLOUD_SQL_INSTANCE",
@@ -2472,7 +2489,7 @@
           ],
           "enumDescriptions": [
             "This is an unknown Cloud SQL instance type.",
-            "A regular Cloud SQL instance.",
+            "A regular Cloud SQL instance that is not replicating from a primary instance.",
             "An instance running on the customer's premises that is not managed by Cloud SQL.",
             "A Cloud SQL instance acting as a read-replica."
           ],
@@ -2585,7 +2602,7 @@
             "The instance is being created.",
             "The instance is down for maintenance.",
             "The creation of the instance failed or a fatal error occurred during maintenance.",
-            "The instance is under maintenance operations and the database is available."
+            "Deprecated"
           ],
           "type": "string"
         },
@@ -2784,14 +2801,14 @@
           "type": "object"
         },
         "databases": {
-          "description": "Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.",
+          "description": "Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "fileType": {
-          "description": "The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.",
+          "description": "The file type for the specified uri.",
           "enum": [
             "SQL_FILE_TYPE_UNSPECIFIED",
             "SQL",
@@ -2821,7 +2838,7 @@
               "description": "Options for exporting from MySQL.",
               "properties": {
                 "masterData": {
-                  "description": "Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.",
+                  "description": "Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.",
                   "format": "int32",
                   "type": "integer"
                 }
@@ -2902,7 +2919,10 @@
               "POSTGRES_10",
               "POSTGRES_12",
               "MYSQL_8_0",
+              "MYSQL_8_0_18",
+              "MYSQL_8_0_26",
               "POSTGRES_13",
+              "POSTGRES_14",
               "SQLSERVER_2019_STANDARD",
               "SQLSERVER_2019_ENTERPRISE",
               "SQLSERVER_2019_EXPRESS",
@@ -2923,7 +2943,10 @@
               "The database version is PostgreSQL 10.",
               "The database version is PostgreSQL 12.",
               "The database version is MySQL 8.",
+              "The database major version is MySQL 8.0 and the minor version is 18.",
+              "The database major version is MySQL 8.0 and the minor version is 26.",
               "The database version is PostgreSQL 13.",
+              "The database version is PostgreSQL 14.",
               "The database version is SQL Server 2019 Standard.",
               "The database version is SQL Server 2019 Enterprise.",
               "The database version is SQL Server 2019 Express.",
@@ -3326,7 +3349,7 @@
       "id": "IpConfiguration",
       "properties": {
         "allocatedIpRange": {
-          "description": "The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.",
+          "description": "The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`",
           "type": "string"
         },
         "authorizedNetworks": {
@@ -3679,7 +3702,7 @@
           "type": "string"
         },
         "status": {
-          "description": "The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**",
+          "description": "The status of an operation.",
           "enum": [
             "SQL_OPERATION_STATUS_UNSPECIFIED",
             "PENDING",
@@ -3771,6 +3794,60 @@
       },
       "type": "object"
     },
+    "PasswordStatus": {
+      "description": "Read-only password status.",
+      "id": "PasswordStatus",
+      "properties": {
+        "locked": {
+          "description": "If true, user does not have login privileges.",
+          "type": "boolean"
+        },
+        "passwordExpirationTime": {
+          "description": "The expiration time of the current password.",
+          "format": "google-datetime",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PasswordValidationPolicy": {
+      "description": "Database instance local user password validation policy",
+      "id": "PasswordValidationPolicy",
+      "properties": {
+        "complexity": {
+          "description": "The complexity of the password.",
+          "enum": [
+            "COMPLEXITY_UNSPECIFIED",
+            "COMPLEXITY_DEFAULT"
+          ],
+          "enumDescriptions": [
+            "Complexity check is not specified.",
+            "A combination of lowercase, uppercase, numeric, and non-alphanumeric characters."
+          ],
+          "type": "string"
+        },
+        "disallowUsernameSubstring": {
+          "description": "Disallow username as a part of the password.",
+          "type": "boolean"
+        },
+        "minLength": {
+          "description": "Minimum number of characters allowed.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "passwordChangeInterval": {
+          "description": "Minimum interval after which the password can be changed.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "reuseInterval": {
+          "description": "Number of previous passwords that cannot be reused.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "ReplicaConfiguration": {
       "description": "Read-replica configuration for connecting to the primary instance.",
       "id": "ReplicaConfiguration",
@@ -3972,6 +4049,10 @@
           "$ref": "MaintenanceWindow",
           "description": "The maintenance window for this instance. This specifies when the instance can be restarted for maintenance purposes."
         },
+        "passwordValidationPolicy": {
+          "$ref": "PasswordValidationPolicy",
+          "description": "The local user password validation policy of the instance."
+        },
         "pricingPlan": {
           "description": "The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.",
           "enum": [
@@ -4535,7 +4616,7 @@
           "type": "string"
         },
         "host": {
-          "description": "The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion.",
+          "description": "Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.",
           "type": "string"
         },
         "instance": {
@@ -4554,6 +4635,10 @@
           "description": "The password for the user.",
           "type": "string"
         },
+        "passwordPolicy": {
+          "$ref": "UserPasswordValidationPolicy",
+          "description": "User level password validation policy."
+        },
         "project": {
           "description": "The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for **update** since it is already specified on the URL.",
           "type": "string"
@@ -4578,6 +4663,32 @@
       },
       "type": "object"
     },
+    "UserPasswordValidationPolicy": {
+      "description": "User level password validation policy.",
+      "id": "UserPasswordValidationPolicy",
+      "properties": {
+        "allowedFailedAttempts": {
+          "description": "Number of failed login attempts allowed before user get locked.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "enableFailedAttemptsCheck": {
+          "description": "If true, failed login attempts check will be enabled.",
+          "type": "boolean"
+        },
+        "passwordExpirationDuration": {
+          "description": "Expiration duration after password is updated.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "PasswordStatus",
+          "description": "Output only. Read-only password status.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
     "UsersListResponse": {
       "description": "User list response.",
       "id": "UsersListResponse",
diff --git a/googleapiclient/discovery_cache/documents/sqladmin.v1beta4.json b/googleapiclient/discovery_cache/documents/sqladmin.v1beta4.json
index 24896588fc0..de6bfc4d153 100644
--- a/googleapiclient/discovery_cache/documents/sqladmin.v1beta4.json
+++ b/googleapiclient/discovery_cache/documents/sqladmin.v1beta4.json
@@ -1877,7 +1877,7 @@
       }
     }
   },
-  "revision": "20211023",
+  "revision": "20211110",
   "rootUrl": "https://sqladmin.googleapis.com/",
   "schemas": {
     "AclEntry": {
@@ -2243,7 +2243,10 @@
             "POSTGRES_10",
             "POSTGRES_12",
             "MYSQL_8_0",
+            "MYSQL_8_0_18",
+            "MYSQL_8_0_26",
             "POSTGRES_13",
+            "POSTGRES_14",
             "SQLSERVER_2019_STANDARD",
             "SQLSERVER_2019_ENTERPRISE",
             "SQLSERVER_2019_EXPRESS",
@@ -2264,7 +2267,10 @@
             "The database version is PostgreSQL 10.",
             "The database version is PostgreSQL 12.",
             "The database version is MySQL 8.",
+            "The database major version is MySQL 8.0 and the minor version is 18.",
+            "The database major version is MySQL 8.0 and the minor version is 26.",
             "The database version is PostgreSQL 13.",
+            "The database version is PostgreSQL 14.",
             "The database version is SQL Server 2019 Standard.",
             "The database version is SQL Server 2019 Enterprise.",
             "The database version is SQL Server 2019 Express.",
@@ -2386,6 +2392,11 @@
           "format": "int64",
           "type": "string"
         },
+        "databaseInstalledVersion": {
+          "description": "Output only. The databaseInstalledVersion stores the current fully resolved database version running on the instance including minor version such as MYSQL_5_6_50",
+          "readOnly": true,
+          "type": "string"
+        },
         "databaseVersion": {
           "description": "The database engine type and version. The **databaseVersion** field cannot be changed after instance creation.",
           "enum": [
@@ -2403,7 +2414,10 @@
             "POSTGRES_10",
             "POSTGRES_12",
             "MYSQL_8_0",
+            "MYSQL_8_0_18",
+            "MYSQL_8_0_26",
             "POSTGRES_13",
+            "POSTGRES_14",
             "SQLSERVER_2019_STANDARD",
             "SQLSERVER_2019_ENTERPRISE",
             "SQLSERVER_2019_EXPRESS",
@@ -2424,7 +2438,10 @@
             "The database version is PostgreSQL 10.",
             "The database version is PostgreSQL 12.",
             "The database version is MySQL 8.",
+            "The database major version is MySQL 8.0 and the minor version is 18.",
+            "The database major version is MySQL 8.0 and the minor version is 26.",
             "The database version is PostgreSQL 13.",
+            "The database version is PostgreSQL 14.",
             "The database version is SQL Server 2019 Standard.",
             "The database version is SQL Server 2019 Enterprise.",
             "The database version is SQL Server 2019 Express.",
@@ -2463,7 +2480,7 @@
           "type": "string"
         },
         "instanceType": {
-          "description": "The instance type. This can be one of the following: * **CLOUD_SQL_INSTANCE**: A Cloud SQL instance that is not replicating from a primary instance. * **ON_PREMISES_INSTANCE**: An instance running on the customer's premises. * **READ_REPLICA_INSTANCE**: A Cloud SQL instance configured as a read-replica.",
+          "description": "The instance type.",
           "enum": [
             "SQL_INSTANCE_TYPE_UNSPECIFIED",
             "CLOUD_SQL_INSTANCE",
@@ -2472,7 +2489,7 @@
           ],
           "enumDescriptions": [
             "This is an unknown Cloud SQL instance type.",
-            "A regular Cloud SQL instance.",
+            "A regular Cloud SQL instance that is not replicating from a primary instance.",
             "An instance running on the customer's premises that is not managed by Cloud SQL.",
             "A Cloud SQL instance acting as a read-replica."
           ],
@@ -2585,7 +2602,7 @@
             "The instance is being created.",
             "The instance is down for maintenance.",
             "The creation of the instance failed or a fatal error occurred during maintenance.",
-            "The instance is under maintenance operations and the database is available."
+            "Deprecated"
           ],
           "type": "string"
         },
@@ -2784,14 +2801,14 @@
           "type": "object"
         },
         "databases": {
-          "description": "Databases to be exported. * **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. * **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. * **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.",
+          "description": "Databases to be exported. **MySQL instances:** If **fileType** is **SQL** and no database is specified, all databases are exported, except for the **mysql** system database. If **fileType** is **CSV**, you can specify one database, either by using this property or by using the **csvExportOptions.selectQuery** property, which takes precedence over this property. **PostgreSQL instances:** You must specify one database to be exported. If **fileType** is **CSV**, this database must match the one specified in the **csvExportOptions.selectQuery** property. **SQL Server instances:** You must specify one database to be exported, and the **fileType** must be **BAK**.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "fileType": {
-          "description": "The file type for the specified uri. * **SQL**: The file contains SQL statements. * **CSV**: The file contains CSV data. * **BAK**: The file contains backup data for a SQL Server instance.",
+          "description": "The file type for the specified uri.",
           "enum": [
             "SQL_FILE_TYPE_UNSPECIFIED",
             "SQL",
@@ -2821,7 +2838,7 @@
               "description": "Options for exporting from MySQL.",
               "properties": {
                 "masterData": {
-                  "description": "Option to include SQL statement required to set up replication. * If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. * If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. * If set to any value other than **1**, --set-gtid-purged is set to OFF.",
+                  "description": "Option to include SQL statement required to set up replication. If set to **1**, the dump file includes a CHANGE MASTER TO statement with the binary log coordinates, and --set-gtid-purged is set to ON. If set to **2**, the CHANGE MASTER TO statement is written as a SQL comment and has no effect. If set to any value other than **1**, --set-gtid-purged is set to OFF.",
                   "format": "int32",
                   "type": "integer"
                 }
@@ -2902,7 +2919,10 @@
               "POSTGRES_10",
               "POSTGRES_12",
               "MYSQL_8_0",
+              "MYSQL_8_0_18",
+              "MYSQL_8_0_26",
               "POSTGRES_13",
+              "POSTGRES_14",
               "SQLSERVER_2019_STANDARD",
               "SQLSERVER_2019_ENTERPRISE",
               "SQLSERVER_2019_EXPRESS",
@@ -2923,7 +2943,10 @@
               "The database version is PostgreSQL 10.",
               "The database version is PostgreSQL 12.",
               "The database version is MySQL 8.",
+              "The database major version is MySQL 8.0 and the minor version is 18.",
+              "The database major version is MySQL 8.0 and the minor version is 26.",
               "The database version is PostgreSQL 13.",
+              "The database version is PostgreSQL 14.",
               "The database version is SQL Server 2019 Standard.",
               "The database version is SQL Server 2019 Enterprise.",
               "The database version is SQL Server 2019 Express.",
@@ -3326,7 +3349,7 @@
       "id": "IpConfiguration",
       "properties": {
         "allocatedIpRange": {
-          "description": "The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.` Reserved for future use.",
+          "description": "The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?.`",
           "type": "string"
         },
         "authorizedNetworks": {
@@ -3679,7 +3702,7 @@
           "type": "string"
         },
         "status": {
-          "description": "The status of an operation. Valid values are: * **PENDING** * **RUNNING** * **DONE** * **SQL_OPERATION_STATUS_UNSPECIFIED**",
+          "description": "The status of an operation.",
           "enum": [
             "SQL_OPERATION_STATUS_UNSPECIFIED",
             "PENDING",
@@ -3771,6 +3794,60 @@
       },
       "type": "object"
     },
+    "PasswordStatus": {
+      "description": "Read-only password status.",
+      "id": "PasswordStatus",
+      "properties": {
+        "locked": {
+          "description": "If true, user does not have login privileges.",
+          "type": "boolean"
+        },
+        "passwordExpirationTime": {
+          "description": "The expiration time of the current password.",
+          "format": "google-datetime",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "PasswordValidationPolicy": {
+      "description": "Database instance local user password validation policy",
+      "id": "PasswordValidationPolicy",
+      "properties": {
+        "complexity": {
+          "description": "The complexity of the password.",
+          "enum": [
+            "COMPLEXITY_UNSPECIFIED",
+            "COMPLEXITY_DEFAULT"
+          ],
+          "enumDescriptions": [
+            "Complexity check is not specified.",
+            "A combination of lowercase, uppercase, numeric, and non-alphanumeric characters."
+          ],
+          "type": "string"
+        },
+        "disallowUsernameSubstring": {
+          "description": "Disallow username as a part of the password.",
+          "type": "boolean"
+        },
+        "minLength": {
+          "description": "Minimum number of characters allowed.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "passwordChangeInterval": {
+          "description": "Minimum interval after which the password can be changed.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "reuseInterval": {
+          "description": "Number of previous passwords that cannot be reused.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
     "ReplicaConfiguration": {
       "description": "Read-replica configuration for connecting to the primary instance.",
       "id": "ReplicaConfiguration",
@@ -3972,6 +4049,10 @@
           "$ref": "MaintenanceWindow",
           "description": "The maintenance window for this instance. This specifies when the instance can be restarted for maintenance purposes."
         },
+        "passwordValidationPolicy": {
+          "$ref": "PasswordValidationPolicy",
+          "description": "The local user password validation policy of the instance."
+        },
         "pricingPlan": {
           "description": "The pricing plan for this instance. This can be either **PER_USE** or **PACKAGE**. Only **PER_USE** is supported for Second Generation instances.",
           "enum": [
@@ -4533,7 +4614,7 @@
           "type": "string"
         },
         "host": {
-          "description": "The host name from which the user can connect. For *insert* operations, host defaults to an empty string. For *update* operations, host is specified as part of the request URL. The host name cannot be updated after insertion.",
+          "description": "Optional. The host name from which the user can connect. For **insert** operations, host defaults to an empty string. For **update** operations, host is specified as part of the request URL. The host name cannot be updated after insertion. For a MySQL instance, it's required; for a PostgreSQL or SQL Server instance, it's optional.",
           "type": "string"
         },
         "instance": {
@@ -4545,13 +4626,17 @@
           "type": "string"
         },
         "name": {
-          "description": "The name of the user in the Cloud SQL instance. Can be omitted for *update* since it is already specified in the URL.",
+          "description": "The name of the user in the Cloud SQL instance. Can be omitted for **update** since it is already specified in the URL.",
           "type": "string"
         },
         "password": {
           "description": "The password for the user.",
           "type": "string"
         },
+        "passwordPolicy": {
+          "$ref": "UserPasswordValidationPolicy",
+          "description": "User level password validation policy."
+        },
         "project": {
           "description": "The project ID of the project containing the Cloud SQL database. The Google apps domain is prefixed if applicable. Can be omitted for *update* since it is already specified on the URL.",
           "type": "string"
@@ -4576,6 +4661,32 @@
       },
       "type": "object"
     },
+    "UserPasswordValidationPolicy": {
+      "description": "User level password validation policy.",
+      "id": "UserPasswordValidationPolicy",
+      "properties": {
+        "allowedFailedAttempts": {
+          "description": "Number of failed login attempts allowed before user get locked.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "enableFailedAttemptsCheck": {
+          "description": "If true, failed login attempts check will be enabled.",
+          "type": "boolean"
+        },
+        "passwordExpirationDuration": {
+          "description": "Expiration duration after password is updated.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "PasswordStatus",
+          "description": "Output only. Read-only password status.",
+          "readOnly": true
+        }
+      },
+      "type": "object"
+    },
     "UsersListResponse": {
       "description": "User list response.",
       "id": "UsersListResponse",
diff --git a/googleapiclient/discovery_cache/documents/storage.v1.json b/googleapiclient/discovery_cache/documents/storage.v1.json
index 9cdee6aeec1..5c624955370 100644
--- a/googleapiclient/discovery_cache/documents/storage.v1.json
+++ b/googleapiclient/discovery_cache/documents/storage.v1.json
@@ -26,7 +26,7 @@
   "description": "Stores and retrieves potentially large, immutable data objects.",
   "discoveryVersion": "v1",
   "documentationLink": "https://developers.google.com/storage/docs/json_api/",
-  "etag": "\"32383235363935393932373334363133333630\"",
+  "etag": "\"3135373738373630333430383239313231313330\"",
   "icons": {
     "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png",
     "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png"
@@ -3230,7 +3230,7 @@
       }
     }
   },
-  "revision": "20211104",
+  "revision": "20211113",
   "rootUrl": "https://storage.googleapis.com/",
   "schemas": {
     "Bucket": {
diff --git a/googleapiclient/discovery_cache/documents/storagetransfer.v1.json b/googleapiclient/discovery_cache/documents/storagetransfer.v1.json
index 373e16eb33b..35e3c50860e 100644
--- a/googleapiclient/discovery_cache/documents/storagetransfer.v1.json
+++ b/googleapiclient/discovery_cache/documents/storagetransfer.v1.json
@@ -600,7 +600,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211108",
   "rootUrl": "https://storagetransfer.googleapis.com/",
   "schemas": {
     "AgentPool": {
diff --git a/googleapiclient/discovery_cache/documents/streetviewpublish.v1.json b/googleapiclient/discovery_cache/documents/streetviewpublish.v1.json
index 7628dcf0ff5..2af067690a5 100644
--- a/googleapiclient/discovery_cache/documents/streetviewpublish.v1.json
+++ b/googleapiclient/discovery_cache/documents/streetviewpublish.v1.json
@@ -272,7 +272,7 @@
           "parameterOrder": [],
           "parameters": {
             "languageCode": {
-              "description": "The BCP-47 language code, such as \"en-US\" or \"sr-Latn\". For more information, see http://www.unicode.org/reports/tr35/#Unicode_locale_identifier. If language_code is unspecified, the user's language preference for Google services is used.",
+              "description": "Optional. The BCP-47 language code, such as \"en-US\" or \"sr-Latn\". For more information, see http://www.unicode.org/reports/tr35/#Unicode_locale_identifier. If language_code is unspecified, the user's language preference for Google services is used.",
               "location": "query",
               "type": "string"
             },
@@ -375,7 +375,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://streetviewpublish.googleapis.com/",
   "schemas": {
     "BatchDeletePhotosRequest": {
diff --git a/googleapiclient/discovery_cache/documents/sts.v1.json b/googleapiclient/discovery_cache/documents/sts.v1.json
index 4c42e07ff62..b043a91d858 100644
--- a/googleapiclient/discovery_cache/documents/sts.v1.json
+++ b/googleapiclient/discovery_cache/documents/sts.v1.json
@@ -114,7 +114,7 @@
           }
         },
         "token": {
-          "description": "Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within a workload identity pool, or it applies a Credential Access Boundary to a Google access token. When you call this method, do not send the `Authorization` HTTP header in the request. This method does not require the `Authorization` header, and using the header can cause the request to fail.",
+          "description": "Exchanges a credential for a Google OAuth 2.0 access token. The token asserts an external identity within an identity pool, or it applies a Credential Access Boundary to a Google access token. When you call this method, do not send the `Authorization` HTTP header in the request. This method does not require the `Authorization` header, and using the header can cause the request to fail.",
           "flatPath": "v1/token",
           "httpMethod": "POST",
           "id": "sts.token",
@@ -131,7 +131,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://sts.googleapis.com/",
   "schemas": {
     "GoogleIamV1Binding": {
diff --git a/googleapiclient/discovery_cache/documents/sts.v1beta.json b/googleapiclient/discovery_cache/documents/sts.v1beta.json
index f0659455600..35bcda6a485 100644
--- a/googleapiclient/discovery_cache/documents/sts.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/sts.v1beta.json
@@ -116,7 +116,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://sts.googleapis.com/",
   "schemas": {
     "GoogleIamV1Binding": {
diff --git a/googleapiclient/discovery_cache/documents/tagmanager.v1.json b/googleapiclient/discovery_cache/documents/tagmanager.v1.json
index f1777b61410..bcf47d06a4a 100644
--- a/googleapiclient/discovery_cache/documents/tagmanager.v1.json
+++ b/googleapiclient/discovery_cache/documents/tagmanager.v1.json
@@ -1932,7 +1932,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211110",
   "rootUrl": "https://tagmanager.googleapis.com/",
   "schemas": {
     "Account": {
diff --git a/googleapiclient/discovery_cache/documents/tagmanager.v2.json b/googleapiclient/discovery_cache/documents/tagmanager.v2.json
index 998b74df437..fb2b616228d 100644
--- a/googleapiclient/discovery_cache/documents/tagmanager.v2.json
+++ b/googleapiclient/discovery_cache/documents/tagmanager.v2.json
@@ -3317,7 +3317,7 @@
       }
     }
   },
-  "revision": "20211103",
+  "revision": "20211110",
   "rootUrl": "https://tagmanager.googleapis.com/",
   "schemas": {
     "Account": {
diff --git a/googleapiclient/discovery_cache/documents/tasks.v1.json b/googleapiclient/discovery_cache/documents/tasks.v1.json
index 63327625d4c..f1d029313d3 100644
--- a/googleapiclient/discovery_cache/documents/tasks.v1.json
+++ b/googleapiclient/discovery_cache/documents/tasks.v1.json
@@ -566,7 +566,7 @@
       }
     }
   },
-  "revision": "20211105",
+  "revision": "20211112",
   "rootUrl": "https://tasks.googleapis.com/",
   "schemas": {
     "Task": {
diff --git a/googleapiclient/discovery_cache/documents/testing.v1.json b/googleapiclient/discovery_cache/documents/testing.v1.json
index 32a2011a244..02a0741a003 100644
--- a/googleapiclient/discovery_cache/documents/testing.v1.json
+++ b/googleapiclient/discovery_cache/documents/testing.v1.json
@@ -282,7 +282,7 @@
       }
     }
   },
-  "revision": "20211025",
+  "revision": "20211104",
   "rootUrl": "https://testing.googleapis.com/",
   "schemas": {
     "Account": {
diff --git a/googleapiclient/discovery_cache/documents/texttospeech.v1.json b/googleapiclient/discovery_cache/documents/texttospeech.v1.json
index 446bb2d5e20..2f2d15e14a1 100644
--- a/googleapiclient/discovery_cache/documents/texttospeech.v1.json
+++ b/googleapiclient/discovery_cache/documents/texttospeech.v1.json
@@ -181,7 +181,7 @@
           "parameterOrder": [],
           "parameters": {
             "languageCode": {
-              "description": "Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying \"en-NZ\", you will get supported \"en-NZ\" voices; when specifying \"no\", you will get supported \"no-\\*\" (Norwegian) and \"nb-\\*\" (Norwegian Bokmal) voices; specifying \"zh\" will also get supported \"cmn-\\*\" voices; specifying \"zh-hk\" will also get supported \"yue-hk\" voices.",
+              "description": "Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying `\"en-NZ\"`, you will get supported `\"en-NZ\"` voices; when specifying `\"no\"`, you will get supported `\"no-\\*\"` (Norwegian) and `\"nb-\\*\"` (Norwegian Bokmal) voices; specifying `\"zh\"` will also get supported `\"cmn-\\*\"` voices; specifying `\"zh-hk\"` will also get supported `\"yue-hk\"` voices.",
               "location": "query",
               "type": "string"
             }
@@ -197,7 +197,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://texttospeech.googleapis.com/",
   "schemas": {
     "AudioConfig": {
diff --git a/googleapiclient/discovery_cache/documents/texttospeech.v1beta1.json b/googleapiclient/discovery_cache/documents/texttospeech.v1beta1.json
index 9506584c9e1..4edae63335e 100644
--- a/googleapiclient/discovery_cache/documents/texttospeech.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/texttospeech.v1beta1.json
@@ -137,7 +137,7 @@
           "parameterOrder": [],
           "parameters": {
             "languageCode": {
-              "description": "Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying \"en-NZ\", you will get supported \"en-NZ\" voices; when specifying \"no\", you will get supported \"no-\\*\" (Norwegian) and \"nb-\\*\" (Norwegian Bokmal) voices; specifying \"zh\" will also get supported \"cmn-\\*\" voices; specifying \"zh-hk\" will also get supported \"yue-hk\" voices.",
+              "description": "Optional. Recommended. [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. If not specified, the API will return all supported voices. If specified, the ListVoices call will only return voices that can be used to synthesize this language_code. E.g. when specifying `\"en-NZ\"`, you will get supported `\"en-NZ\"` voices; when specifying `\"no\"`, you will get supported `\"no-\\*\"` (Norwegian) and `\"nb-\\*\"` (Norwegian Bokmal) voices; specifying `\"zh\"` will also get supported `\"cmn-\\*\"` voices; specifying `\"zh-hk\"` will also get supported `\"yue-hk\"` voices.",
               "location": "query",
               "type": "string"
             }
@@ -153,7 +153,7 @@
       }
     }
   },
-  "revision": "20211022",
+  "revision": "20211105",
   "rootUrl": "https://texttospeech.googleapis.com/",
   "schemas": {
     "AudioConfig": {
diff --git a/googleapiclient/discovery_cache/documents/toolresults.v1beta3.json b/googleapiclient/discovery_cache/documents/toolresults.v1beta3.json
index 3febd56de8f..d5feb7d637d 100644
--- a/googleapiclient/discovery_cache/documents/toolresults.v1beta3.json
+++ b/googleapiclient/discovery_cache/documents/toolresults.v1beta3.json
@@ -1463,7 +1463,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211115",
   "rootUrl": "https://toolresults.googleapis.com/",
   "schemas": {
     "ANR": {
diff --git a/googleapiclient/discovery_cache/documents/tpu.v1.json b/googleapiclient/discovery_cache/documents/tpu.v1.json
index c66af9aa81b..031574f0822 100644
--- a/googleapiclient/discovery_cache/documents/tpu.v1.json
+++ b/googleapiclient/discovery_cache/documents/tpu.v1.json
@@ -659,7 +659,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211108",
   "rootUrl": "https://tpu.googleapis.com/",
   "schemas": {
     "AcceleratorType": {
diff --git a/googleapiclient/discovery_cache/documents/tpu.v1alpha1.json b/googleapiclient/discovery_cache/documents/tpu.v1alpha1.json
index 7136ef4da35..6e84388331b 100644
--- a/googleapiclient/discovery_cache/documents/tpu.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/tpu.v1alpha1.json
@@ -669,7 +669,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211108",
   "rootUrl": "https://tpu.googleapis.com/",
   "schemas": {
     "AcceleratorType": {
diff --git a/googleapiclient/discovery_cache/documents/tpu.v2alpha1.json b/googleapiclient/discovery_cache/documents/tpu.v2alpha1.json
index d0ef42c79e3..5dfeea62be5 100644
--- a/googleapiclient/discovery_cache/documents/tpu.v2alpha1.json
+++ b/googleapiclient/discovery_cache/documents/tpu.v2alpha1.json
@@ -721,7 +721,7 @@
       }
     }
   },
-  "revision": "20211101",
+  "revision": "20211108",
   "rootUrl": "https://tpu.googleapis.com/",
   "schemas": {
     "AcceleratorType": {
@@ -1028,6 +1028,10 @@
       "description": "Network related configurations.",
       "id": "NetworkConfig",
       "properties": {
+        "canIpForward": {
+          "description": "Allows the TPU node to send and receive packets with non-matching destination or source IPs. This is required if you plan to use the TPU workers to forward routes.",
+          "type": "boolean"
+        },
         "enableExternalIps": {
           "description": "Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled.",
           "type": "boolean"
diff --git a/googleapiclient/discovery_cache/documents/translate.v3.json b/googleapiclient/discovery_cache/documents/translate.v3.json
index 51b1106eeec..c555f8a75e7 100644
--- a/googleapiclient/discovery_cache/documents/translate.v3.json
+++ b/googleapiclient/discovery_cache/documents/translate.v3.json
@@ -744,7 +744,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://translation.googleapis.com/",
   "schemas": {
     "BatchDocumentInputConfig": {
diff --git a/googleapiclient/discovery_cache/documents/translate.v3beta1.json b/googleapiclient/discovery_cache/documents/translate.v3beta1.json
index 8ee16493cc0..1c1ab69f11f 100644
--- a/googleapiclient/discovery_cache/documents/translate.v3beta1.json
+++ b/googleapiclient/discovery_cache/documents/translate.v3beta1.json
@@ -744,7 +744,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211105",
   "rootUrl": "https://translation.googleapis.com/",
   "schemas": {
     "BatchDocumentInputConfig": {
diff --git a/googleapiclient/discovery_cache/documents/versionhistory.v1.json b/googleapiclient/discovery_cache/documents/versionhistory.v1.json
index d68223058da..4612aa4bcb7 100644
--- a/googleapiclient/discovery_cache/documents/versionhistory.v1.json
+++ b/googleapiclient/discovery_cache/documents/versionhistory.v1.json
@@ -271,7 +271,7 @@
       }
     }
   },
-  "revision": "20211108",
+  "revision": "20211115",
   "rootUrl": "https://versionhistory.googleapis.com/",
   "schemas": {
     "Channel": {
diff --git a/googleapiclient/discovery_cache/documents/videointelligence.v1.json b/googleapiclient/discovery_cache/documents/videointelligence.v1.json
index 323f4049fe3..7ee26a985d7 100644
--- a/googleapiclient/discovery_cache/documents/videointelligence.v1.json
+++ b/googleapiclient/discovery_cache/documents/videointelligence.v1.json
@@ -350,7 +350,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://videointelligence.googleapis.com/",
   "schemas": {
     "GoogleCloudVideointelligenceV1_AnnotateVideoProgress": {
diff --git a/googleapiclient/discovery_cache/documents/videointelligence.v1beta2.json b/googleapiclient/discovery_cache/documents/videointelligence.v1beta2.json
index 415b1037fce..a2194173211 100644
--- a/googleapiclient/discovery_cache/documents/videointelligence.v1beta2.json
+++ b/googleapiclient/discovery_cache/documents/videointelligence.v1beta2.json
@@ -128,7 +128,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://videointelligence.googleapis.com/",
   "schemas": {
     "GoogleCloudVideointelligenceV1_AnnotateVideoProgress": {
diff --git a/googleapiclient/discovery_cache/documents/videointelligence.v1p1beta1.json b/googleapiclient/discovery_cache/documents/videointelligence.v1p1beta1.json
index f3c341c88a9..2d5f2d8849f 100644
--- a/googleapiclient/discovery_cache/documents/videointelligence.v1p1beta1.json
+++ b/googleapiclient/discovery_cache/documents/videointelligence.v1p1beta1.json
@@ -128,7 +128,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://videointelligence.googleapis.com/",
   "schemas": {
     "GoogleCloudVideointelligenceV1_AnnotateVideoProgress": {
diff --git a/googleapiclient/discovery_cache/documents/videointelligence.v1p2beta1.json b/googleapiclient/discovery_cache/documents/videointelligence.v1p2beta1.json
index de0e7e8300f..ac1bceafc91 100644
--- a/googleapiclient/discovery_cache/documents/videointelligence.v1p2beta1.json
+++ b/googleapiclient/discovery_cache/documents/videointelligence.v1p2beta1.json
@@ -128,7 +128,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://videointelligence.googleapis.com/",
   "schemas": {
     "GoogleCloudVideointelligenceV1_AnnotateVideoProgress": {
diff --git a/googleapiclient/discovery_cache/documents/videointelligence.v1p3beta1.json b/googleapiclient/discovery_cache/documents/videointelligence.v1p3beta1.json
index 5005f47ec9b..1cf97a3f241 100644
--- a/googleapiclient/discovery_cache/documents/videointelligence.v1p3beta1.json
+++ b/googleapiclient/discovery_cache/documents/videointelligence.v1p3beta1.json
@@ -128,7 +128,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211104",
   "rootUrl": "https://videointelligence.googleapis.com/",
   "schemas": {
     "GoogleCloudVideointelligenceV1_AnnotateVideoProgress": {
diff --git a/googleapiclient/discovery_cache/documents/vision.v1.json b/googleapiclient/discovery_cache/documents/vision.v1.json
index a9b81c472c2..b4cf0cd2692 100644
--- a/googleapiclient/discovery_cache/documents/vision.v1.json
+++ b/googleapiclient/discovery_cache/documents/vision.v1.json
@@ -1282,7 +1282,7 @@
       }
     }
   },
-  "revision": "20211008",
+  "revision": "20211029",
   "rootUrl": "https://vision.googleapis.com/",
   "schemas": {
     "AddProductToProductSetRequest": {
diff --git a/googleapiclient/discovery_cache/documents/vision.v1p1beta1.json b/googleapiclient/discovery_cache/documents/vision.v1p1beta1.json
index 1fbfa089a8f..7c39590d16d 100644
--- a/googleapiclient/discovery_cache/documents/vision.v1p1beta1.json
+++ b/googleapiclient/discovery_cache/documents/vision.v1p1beta1.json
@@ -449,7 +449,7 @@
       }
     }
   },
-  "revision": "20211008",
+  "revision": "20211029",
   "rootUrl": "https://vision.googleapis.com/",
   "schemas": {
     "AnnotateFileResponse": {
diff --git a/googleapiclient/discovery_cache/documents/vision.v1p2beta1.json b/googleapiclient/discovery_cache/documents/vision.v1p2beta1.json
index dce0984f114..709e09f595b 100644
--- a/googleapiclient/discovery_cache/documents/vision.v1p2beta1.json
+++ b/googleapiclient/discovery_cache/documents/vision.v1p2beta1.json
@@ -449,7 +449,7 @@
       }
     }
   },
-  "revision": "20211008",
+  "revision": "20211029",
   "rootUrl": "https://vision.googleapis.com/",
   "schemas": {
     "AnnotateFileResponse": {
diff --git a/googleapiclient/discovery_cache/documents/vmmigration.v1.json b/googleapiclient/discovery_cache/documents/vmmigration.v1.json
index cf5c8dd47c5..0378c84bc83 100644
--- a/googleapiclient/discovery_cache/documents/vmmigration.v1.json
+++ b/googleapiclient/discovery_cache/documents/vmmigration.v1.json
@@ -1001,6 +1001,21 @@
                           "pattern": "^projects/[^/]+/locations/[^/]+/sources/[^/]+/migratingVms/[^/]+$",
                           "required": true,
                           "type": "string"
+                        },
+                        "view": {
+                          "description": "Optional. The level of details of the migrating VM.",
+                          "enum": [
+                            "MIGRATING_VM_VIEW_UNSPECIFIED",
+                            "MIGRATING_VM_VIEW_BASIC",
+                            "MIGRATING_VM_VIEW_FULL"
+                          ],
+                          "enumDescriptions": [
+                            "View is unspecified. The API will fallback to the default value.",
+                            "Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.",
+                            "Include everything."
+                          ],
+                          "location": "query",
+                          "type": "string"
                         }
                       },
                       "path": "v1/{+name}",
@@ -1047,6 +1062,21 @@
                           "pattern": "^projects/[^/]+/locations/[^/]+/sources/[^/]+$",
                           "required": true,
                           "type": "string"
+                        },
+                        "view": {
+                          "description": "Optional. The level of details of each migrating VM.",
+                          "enum": [
+                            "MIGRATING_VM_VIEW_UNSPECIFIED",
+                            "MIGRATING_VM_VIEW_BASIC",
+                            "MIGRATING_VM_VIEW_FULL"
+                          ],
+                          "enumDescriptions": [
+                            "View is unspecified. The API will fallback to the default value.",
+                            "Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.",
+                            "Include everything."
+                          ],
+                          "location": "query",
+                          "type": "string"
                         }
                       },
                       "path": "v1/{+parent}/migratingVms",
@@ -1828,7 +1858,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211107",
   "rootUrl": "https://vmmigration.googleapis.com/",
   "schemas": {
     "AddGroupMigrationRequest": {
@@ -2808,6 +2838,22 @@
           "$ref": "SchedulePolicy",
           "description": "The replication schedule policy."
         },
+        "recentCloneJobs": {
+          "description": "Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists. Note: To have this field populated you need to explicitly request it via the \"view\" parameter of the Get/List request.",
+          "items": {
+            "$ref": "CloneJob"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
+        "recentCutoverJobs": {
+          "description": "Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists. Note: To have this field populated you need to explicitly request it via the \"view\" parameter of the Get/List request.",
+          "items": {
+            "$ref": "CutoverJob"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
         "sourceVmId": {
           "description": "The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.",
           "type": "string"
diff --git a/googleapiclient/discovery_cache/documents/vmmigration.v1alpha1.json b/googleapiclient/discovery_cache/documents/vmmigration.v1alpha1.json
index 86c33793336..91e376ff626 100644
--- a/googleapiclient/discovery_cache/documents/vmmigration.v1alpha1.json
+++ b/googleapiclient/discovery_cache/documents/vmmigration.v1alpha1.json
@@ -1010,7 +1010,7 @@
                             "MIGRATING_VM_VIEW_FULL"
                           ],
                           "enumDescriptions": [
-                            "The default / unset value. Will fallback to FULL.",
+                            "View is unspecified. The API will fallback to the default value.",
                             "Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.",
                             "Include everything."
                           ],
@@ -1071,7 +1071,7 @@
                             "MIGRATING_VM_VIEW_FULL"
                           ],
                           "enumDescriptions": [
-                            "The default / unset value. Will fallback to FULL.",
+                            "View is unspecified. The API will fallback to the default value.",
                             "Get the migrating VM basic details. The basic details do not include the recent clone jobs and recent cutover jobs lists.",
                             "Include everything."
                           ],
@@ -1858,7 +1858,7 @@
       }
     }
   },
-  "revision": "20211021",
+  "revision": "20211107",
   "rootUrl": "https://vmmigration.googleapis.com/",
   "schemas": {
     "AddGroupMigrationRequest": {
diff --git a/googleapiclient/discovery_cache/documents/webrisk.v1.json b/googleapiclient/discovery_cache/documents/webrisk.v1.json
index f1c38d3aabc..b2837dd11e1 100644
--- a/googleapiclient/discovery_cache/documents/webrisk.v1.json
+++ b/googleapiclient/discovery_cache/documents/webrisk.v1.json
@@ -446,7 +446,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://webrisk.googleapis.com/",
   "schemas": {
     "GoogleCloudWebriskV1ComputeThreatListDiffResponse": {
diff --git a/googleapiclient/discovery_cache/documents/websecurityscanner.v1.json b/googleapiclient/discovery_cache/documents/websecurityscanner.v1.json
index aa3f540ae11..514c4032412 100644
--- a/googleapiclient/discovery_cache/documents/websecurityscanner.v1.json
+++ b/googleapiclient/discovery_cache/documents/websecurityscanner.v1.json
@@ -526,7 +526,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://websecurityscanner.googleapis.com/",
   "schemas": {
     "Authentication": {
diff --git a/googleapiclient/discovery_cache/documents/websecurityscanner.v1alpha.json b/googleapiclient/discovery_cache/documents/websecurityscanner.v1alpha.json
index 66eb90dc420..3fae0428805 100644
--- a/googleapiclient/discovery_cache/documents/websecurityscanner.v1alpha.json
+++ b/googleapiclient/discovery_cache/documents/websecurityscanner.v1alpha.json
@@ -526,7 +526,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://websecurityscanner.googleapis.com/",
   "schemas": {
     "Authentication": {
diff --git a/googleapiclient/discovery_cache/documents/websecurityscanner.v1beta.json b/googleapiclient/discovery_cache/documents/websecurityscanner.v1beta.json
index 789dc42ff24..c0e7b990546 100644
--- a/googleapiclient/discovery_cache/documents/websecurityscanner.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/websecurityscanner.v1beta.json
@@ -526,7 +526,7 @@
       }
     }
   },
-  "revision": "20211029",
+  "revision": "20211112",
   "rootUrl": "https://websecurityscanner.googleapis.com/",
   "schemas": {
     "Authentication": {
diff --git a/googleapiclient/discovery_cache/documents/workflowexecutions.v1.json b/googleapiclient/discovery_cache/documents/workflowexecutions.v1.json
index 51768a7d475..b39ea3bc0c1 100644
--- a/googleapiclient/discovery_cache/documents/workflowexecutions.v1.json
+++ b/googleapiclient/discovery_cache/documents/workflowexecutions.v1.json
@@ -269,7 +269,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211108",
   "rootUrl": "https://workflowexecutions.googleapis.com/",
   "schemas": {
     "CancelExecutionRequest": {
diff --git a/googleapiclient/discovery_cache/documents/workflowexecutions.v1beta.json b/googleapiclient/discovery_cache/documents/workflowexecutions.v1beta.json
index d86e22542d0..2376a0b056c 100644
--- a/googleapiclient/discovery_cache/documents/workflowexecutions.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/workflowexecutions.v1beta.json
@@ -269,7 +269,7 @@
       }
     }
   },
-  "revision": "20211102",
+  "revision": "20211108",
   "rootUrl": "https://workflowexecutions.googleapis.com/",
   "schemas": {
     "CancelExecutionRequest": {
diff --git a/googleapiclient/discovery_cache/documents/workflows.v1.json b/googleapiclient/discovery_cache/documents/workflows.v1.json
index 07bbd80f348..5610aa83d81 100644
--- a/googleapiclient/discovery_cache/documents/workflows.v1.json
+++ b/googleapiclient/discovery_cache/documents/workflows.v1.json
@@ -444,7 +444,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://workflows.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/workflows.v1beta.json b/googleapiclient/discovery_cache/documents/workflows.v1beta.json
index 2b9ee25eab4..95c306ee930 100644
--- a/googleapiclient/discovery_cache/documents/workflows.v1beta.json
+++ b/googleapiclient/discovery_cache/documents/workflows.v1beta.json
@@ -444,7 +444,7 @@
       }
     }
   },
-  "revision": "20211027",
+  "revision": "20211103",
   "rootUrl": "https://workflows.googleapis.com/",
   "schemas": {
     "Empty": {
diff --git a/googleapiclient/discovery_cache/documents/youtube.v3.json b/googleapiclient/discovery_cache/documents/youtube.v3.json
index c0208430ea1..61e375ea344 100644
--- a/googleapiclient/discovery_cache/documents/youtube.v3.json
+++ b/googleapiclient/discovery_cache/documents/youtube.v3.json
@@ -3789,7 +3789,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211114",
   "rootUrl": "https://youtube.googleapis.com/",
   "schemas": {
     "AbuseReport": {
diff --git a/googleapiclient/discovery_cache/documents/youtubeAnalytics.v2.json b/googleapiclient/discovery_cache/documents/youtubeAnalytics.v2.json
index 23218e27364..dfbe12b289f 100644
--- a/googleapiclient/discovery_cache/documents/youtubeAnalytics.v2.json
+++ b/googleapiclient/discovery_cache/documents/youtubeAnalytics.v2.json
@@ -421,7 +421,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://youtubeanalytics.googleapis.com/",
   "schemas": {
     "EmptyResponse": {
diff --git a/googleapiclient/discovery_cache/documents/youtubereporting.v1.json b/googleapiclient/discovery_cache/documents/youtubereporting.v1.json
index fcce03b3887..73442d35045 100644
--- a/googleapiclient/discovery_cache/documents/youtubereporting.v1.json
+++ b/googleapiclient/discovery_cache/documents/youtubereporting.v1.json
@@ -411,7 +411,7 @@
       }
     }
   },
-  "revision": "20211106",
+  "revision": "20211112",
   "rootUrl": "https://youtubereporting.googleapis.com/",
   "schemas": {
     "Empty": {