diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java index 8c15715d..b62ac85a 100644 --- a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java +++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java @@ -203,8 +203,8 @@ public final OperationsClient getOperationsClient() { * @param certificateId Optional. It must be unique within a location and match the regular * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the - * Enterprise [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is optional - * and its value is ignored otherwise. + * Enterprise [CertificateAuthority.Tier][], but is optional and its value is ignored + * otherwise. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Certificate createCertificate( @@ -245,8 +245,8 @@ public final Certificate createCertificate( * @param certificateId Optional. It must be unique within a location and match the regular * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the - * Enterprise [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is optional - * and its value is ignored otherwise. + * Enterprise [CertificateAuthority.Tier][], but is optional and its value is ignored + * otherwise. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final Certificate createCertificate( diff --git a/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java b/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java index eee77a08..5f769138 100644 --- a/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java +++ b/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java @@ -21,9 +21,8 @@ * * * 
- * [Certificate Authority
- * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
- * manages private certificate authorities and issued certificates.
+ * [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+ * certificate authorities and issued certificates.
  *
*/ @javax.annotation.Generated( @@ -1572,9 +1571,8 @@ public CertificateAuthorityServiceFutureStub newStub( * * * 
-   * [Certificate Authority
-   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
-   * manages private certificate authorities and issued certificates.
+   * [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+   * certificate authorities and issued certificates.
    *
*/ public abstract static class CertificateAuthorityServiceImplBase @@ -1584,8 +1582,7 @@ public abstract static class CertificateAuthorityServiceImplBase * * * 
-     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * in a given Project, Location from a particular
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
      * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -1646,8 +1643,7 @@ public void revokeCertificate( * * * 
-     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
-     * Currently, the only field you can update is the
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
      * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
      *
*/ @@ -1663,16 +1659,12 @@ public void updateCertificate( * * * 
-     * Activate a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that is in state
+     * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * After the parent Certificate Authority signs a certificate signing request
-     * from
-     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
-     * this method can complete the activation process.
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+     * the parent Certificate Authority signs a certificate signing request from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
+     * process.
      *
*/ public void activateCertificateAuthority( @@ -1686,9 +1678,7 @@ public void activateCertificateAuthority( * * * 
-     * Create a new
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in a given Project and Location.
+     * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
      *
*/ public void createCertificateAuthority( @@ -1702,8 +1692,7 @@ public void createCertificateAuthority( * * * 
-     * Disable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void disableCertificateAuthority( @@ -1717,8 +1706,7 @@ public void disableCertificateAuthority( * * * 
-     * Enable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void enableCertificateAuthority( @@ -1732,17 +1720,13 @@ public void enableCertificateAuthority( * * * 
-     * Fetch a certificate signing request (CSR) from a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * The CSR must then be signed by the desired parent Certificate Authority,
-     * which could be another
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * resource, or could be an on-prem certificate authority. See also
-     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+     * CSR must then be signed by the desired parent Certificate Authority, which
+     * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
+     * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
      *
*/ public void fetchCertificateAuthorityCsr( @@ -1758,8 +1742,7 @@ public void fetchCertificateAuthorityCsr( * * * 
-     * Returns a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void getCertificateAuthority( @@ -1774,8 +1757,7 @@ public void getCertificateAuthority( * * * 
-     * Lists
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void listCertificateAuthorities( @@ -1791,9 +1773,7 @@ public void listCertificateAuthorities( * * * 
-     * Undelete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that has been deleted.
+     * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
      *
*/ public void undeleteCertificateAuthority( @@ -1807,8 +1787,7 @@ public void undeleteCertificateAuthority( * * * 
-     * Delete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void deleteCertificateAuthority( @@ -1822,8 +1801,7 @@ public void deleteCertificateAuthority( * * * 
-     * Update a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void updateCertificateAuthority( @@ -1908,10 +1886,8 @@ public void deleteCaPool( * * * 
-     * FetchCaCerts returns the current trust anchor for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
-     * certificate chains for all ACTIVE
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
+     * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -1927,8 +1903,7 @@ public void fetchCaCerts( * * * 
-     * Returns a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public void getCertificateRevocationList( @@ -1944,8 +1919,7 @@ public void getCertificateRevocationList( * * * 
-     * Lists
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public void listCertificateRevocationLists( @@ -1961,8 +1935,7 @@ public void listCertificateRevocationLists( * * * 
-     * Update a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public void updateCertificateRevocationList( @@ -1976,9 +1949,7 @@ public void updateCertificateRevocationList( * * * 
-     * Create a new
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in a given Project and Location.
+     * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
      *
*/ public void createCertificateTemplate( @@ -1992,8 +1963,7 @@ public void createCertificateTemplate( * * * 
-     * DeleteCertificateTemplate deletes a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void deleteCertificateTemplate( @@ -2007,8 +1977,7 @@ public void deleteCertificateTemplate( * * * 
-     * Returns a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void getCertificateTemplate( @@ -2023,8 +1992,7 @@ public void getCertificateTemplate( * * * 
-     * Lists
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void listCertificateTemplates( @@ -2040,8 +2008,7 @@ public void listCertificateTemplates( * * * 
-     * Update a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void updateCertificateTemplate( @@ -2262,9 +2229,8 @@ public final io.grpc.ServerServiceDefinition bindService() { * * * 
-   * [Certificate Authority
-   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
-   * manages private certificate authorities and issued certificates.
+   * [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+   * certificate authorities and issued certificates.
    *
*/ public static final class CertificateAuthorityServiceStub @@ -2284,8 +2250,7 @@ protected CertificateAuthorityServiceStub build( * * * 
-     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * in a given Project, Location from a particular
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
      * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -2354,8 +2319,7 @@ public void revokeCertificate( * * * 
-     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
-     * Currently, the only field you can update is the
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
      * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
      *
*/ @@ -2373,16 +2337,12 @@ public void updateCertificate( * * * 
-     * Activate a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that is in state
+     * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * After the parent Certificate Authority signs a certificate signing request
-     * from
-     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
-     * this method can complete the activation process.
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+     * the parent Certificate Authority signs a certificate signing request from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
+     * process.
      *
*/ public void activateCertificateAuthority( @@ -2398,9 +2358,7 @@ public void activateCertificateAuthority( * * * 
-     * Create a new
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in a given Project and Location.
+     * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
      *
*/ public void createCertificateAuthority( @@ -2416,8 +2374,7 @@ public void createCertificateAuthority( * * * 
-     * Disable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void disableCertificateAuthority( @@ -2433,8 +2390,7 @@ public void disableCertificateAuthority( * * * 
-     * Enable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void enableCertificateAuthority( @@ -2450,17 +2406,13 @@ public void enableCertificateAuthority( * * * 
-     * Fetch a certificate signing request (CSR) from a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * The CSR must then be signed by the desired parent Certificate Authority,
-     * which could be another
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * resource, or could be an on-prem certificate authority. See also
-     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+     * CSR must then be signed by the desired parent Certificate Authority, which
+     * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
+     * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
      *
*/ public void fetchCertificateAuthorityCsr( @@ -2478,8 +2430,7 @@ public void fetchCertificateAuthorityCsr( * * * 
-     * Returns a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void getCertificateAuthority( @@ -2496,8 +2447,7 @@ public void getCertificateAuthority( * * * 
-     * Lists
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void listCertificateAuthorities( @@ -2515,9 +2465,7 @@ public void listCertificateAuthorities( * * * 
-     * Undelete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that has been deleted.
+     * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
      *
*/ public void undeleteCertificateAuthority( @@ -2533,8 +2481,7 @@ public void undeleteCertificateAuthority( * * * 
-     * Delete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void deleteCertificateAuthority( @@ -2550,8 +2497,7 @@ public void deleteCertificateAuthority( * * * 
-     * Update a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public void updateCertificateAuthority( @@ -2647,10 +2593,8 @@ public void deleteCaPool( * * * 
-     * FetchCaCerts returns the current trust anchor for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
-     * certificate chains for all ACTIVE
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
+     * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -2668,8 +2612,7 @@ public void fetchCaCerts( * * * 
-     * Returns a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public void getCertificateRevocationList( @@ -2687,8 +2630,7 @@ public void getCertificateRevocationList( * * * 
-     * Lists
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public void listCertificateRevocationLists( @@ -2706,8 +2648,7 @@ public void listCertificateRevocationLists( * * * 
-     * Update a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public void updateCertificateRevocationList( @@ -2723,9 +2664,7 @@ public void updateCertificateRevocationList( * * * 
-     * Create a new
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in a given Project and Location.
+     * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
      *
*/ public void createCertificateTemplate( @@ -2741,8 +2680,7 @@ public void createCertificateTemplate( * * * 
-     * DeleteCertificateTemplate deletes a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void deleteCertificateTemplate( @@ -2758,8 +2696,7 @@ public void deleteCertificateTemplate( * * * 
-     * Returns a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void getCertificateTemplate( @@ -2776,8 +2713,7 @@ public void getCertificateTemplate( * * * 
-     * Lists
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void listCertificateTemplates( @@ -2795,8 +2731,7 @@ public void listCertificateTemplates( * * * 
-     * Update a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public void updateCertificateTemplate( @@ -2813,9 +2748,8 @@ public void updateCertificateTemplate( * * * 
-   * [Certificate Authority
-   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
-   * manages private certificate authorities and issued certificates.
+   * [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+   * certificate authorities and issued certificates.
    *
*/ public static final class CertificateAuthorityServiceBlockingStub @@ -2835,8 +2769,7 @@ protected CertificateAuthorityServiceBlockingStub build( * * * 
-     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * in a given Project, Location from a particular
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
      * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -2889,8 +2822,7 @@ public com.google.cloud.security.privateca.v1.Certificate revokeCertificate( * * * 
-     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
-     * Currently, the only field you can update is the
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
      * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
      *
*/ @@ -2904,16 +2836,12 @@ public com.google.cloud.security.privateca.v1.Certificate updateCertificate( * * * 
-     * Activate a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that is in state
+     * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * After the parent Certificate Authority signs a certificate signing request
-     * from
-     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
-     * this method can complete the activation process.
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+     * the parent Certificate Authority signs a certificate signing request from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
+     * process.
      *
*/ public com.google.longrunning.Operation activateCertificateAuthority( @@ -2926,9 +2854,7 @@ public com.google.longrunning.Operation activateCertificateAuthority( * * * 
-     * Create a new
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in a given Project and Location.
+     * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
      *
*/ public com.google.longrunning.Operation createCertificateAuthority( @@ -2941,8 +2867,7 @@ public com.google.longrunning.Operation createCertificateAuthority( * * * 
-     * Disable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.longrunning.Operation disableCertificateAuthority( @@ -2955,8 +2880,7 @@ public com.google.longrunning.Operation disableCertificateAuthority( * * * 
-     * Enable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.longrunning.Operation enableCertificateAuthority( @@ -2969,17 +2893,13 @@ public com.google.longrunning.Operation enableCertificateAuthority( * * * 
-     * Fetch a certificate signing request (CSR) from a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * The CSR must then be signed by the desired parent Certificate Authority,
-     * which could be another
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * resource, or could be an on-prem certificate authority. See also
-     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+     * CSR must then be signed by the desired parent Certificate Authority, which
+     * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
+     * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
      *
*/ public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse @@ -2993,8 +2913,7 @@ public com.google.longrunning.Operation enableCertificateAuthority( * * * 
-     * Returns a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority( @@ -3007,8 +2926,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat * * * 
-     * Lists
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse @@ -3022,9 +2940,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat * * * 
-     * Undelete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that has been deleted.
+     * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
      *
*/ public com.google.longrunning.Operation undeleteCertificateAuthority( @@ -3037,8 +2953,7 @@ public com.google.longrunning.Operation undeleteCertificateAuthority( * * * 
-     * Delete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.longrunning.Operation deleteCertificateAuthority( @@ -3051,8 +2966,7 @@ public com.google.longrunning.Operation deleteCertificateAuthority( * * * 
-     * Update a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.longrunning.Operation updateCertificateAuthority( @@ -3130,10 +3044,8 @@ public com.google.longrunning.Operation deleteCaPool( * * * 
-     * FetchCaCerts returns the current trust anchor for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
-     * certificate chains for all ACTIVE
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
+     * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -3147,8 +3059,7 @@ public com.google.cloud.security.privateca.v1.FetchCaCertsResponse fetchCaCerts( * * * 
-     * Returns a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public com.google.cloud.security.privateca.v1.CertificateRevocationList @@ -3162,8 +3073,7 @@ public com.google.cloud.security.privateca.v1.FetchCaCertsResponse fetchCaCerts( * * * 
-     * Lists
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse @@ -3177,8 +3087,7 @@ public com.google.cloud.security.privateca.v1.FetchCaCertsResponse fetchCaCerts( * * * 
-     * Update a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public com.google.longrunning.Operation updateCertificateRevocationList( @@ -3191,9 +3100,7 @@ public com.google.longrunning.Operation updateCertificateRevocationList( * * * 
-     * Create a new
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in a given Project and Location.
+     * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
      *
*/ public com.google.longrunning.Operation createCertificateTemplate( @@ -3206,8 +3113,7 @@ public com.google.longrunning.Operation createCertificateTemplate( * * * 
-     * DeleteCertificateTemplate deletes a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.longrunning.Operation deleteCertificateTemplate( @@ -3220,8 +3126,7 @@ public com.google.longrunning.Operation deleteCertificateTemplate( * * * 
-     * Returns a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate( @@ -3234,8 +3139,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate * * * 
-     * Lists
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse @@ -3249,8 +3153,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate * * * 
-     * Update a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.longrunning.Operation updateCertificateTemplate( @@ -3264,9 +3167,8 @@ public com.google.longrunning.Operation updateCertificateTemplate( * * * 
-   * [Certificate Authority
-   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
-   * manages private certificate authorities and issued certificates.
+   * [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+   * certificate authorities and issued certificates.
    *
*/ public static final class CertificateAuthorityServiceFutureStub @@ -3286,8 +3188,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * in a given Project, Location from a particular
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
      * [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -3344,8 +3245,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
-     * Currently, the only field you can update is the
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
      * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
      *
*/ @@ -3360,16 +3260,12 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Activate a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that is in state
+     * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * After the parent Certificate Authority signs a certificate signing request
-     * from
-     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
-     * this method can complete the activation process.
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+     * the parent Certificate Authority signs a certificate signing request from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
+     * process.
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3383,9 +3279,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Create a new
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in a given Project and Location.
+     * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3399,8 +3293,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Disable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3414,8 +3307,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Enable a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3429,17 +3321,13 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Fetch a certificate signing request (CSR) from a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * that is in state
      * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-     * and is of type
-     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-     * The CSR must then be signed by the desired parent Certificate Authority,
-     * which could be another
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * resource, or could be an on-prem certificate authority. See also
-     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+     * CSR must then be signed by the desired parent Certificate Authority, which
+     * could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
+     * certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3454,8 +3342,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Returns a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3470,8 +3357,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Lists
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3486,9 +3372,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Undelete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that has been deleted.
+     * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3502,8 +3386,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Delete a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3517,8 +3400,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Update a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3599,10 +3481,8 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * FetchCaCerts returns the current trust anchor for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
-     * certificate chains for all ACTIVE
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
+     * include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
      *
*/ @@ -3617,8 +3497,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Returns a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3633,8 +3512,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Lists
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3650,8 +3528,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Update a
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3666,9 +3543,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Create a new
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in a given Project and Location.
+     * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3682,8 +3557,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * DeleteCertificateTemplate deletes a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.common.util.concurrent.ListenableFuture @@ -3697,8 +3571,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Returns a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3713,8 +3586,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Lists
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.common.util.concurrent.ListenableFuture< @@ -3729,8 +3601,7 @@ protected CertificateAuthorityServiceFutureStub build( * * * 
-     * Update a
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
      *
*/ public com.google.common.util.concurrent.ListenableFuture diff --git a/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml b/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml index 8d53cdbe..8b3eff22 100644 --- a/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml +++ b/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml @@ -16,4 +16,30 @@ com/google/cloud/security/privateca/v1/*OrBuilder boolean has*(*) + + 7006 + com/google/cloud/security/privateca/v1/CaPool* + * getEllipticCurve*(*) + com.google.cloud.security.privateca.v1.CaPool$IssuancePolicy$AllowedKeyType$EcKeyType + + + 7005 + com/google/cloud/security/privateca/v1/CaPool$IssuancePolicy$AllowedKeyType$Builder + * setEllipticCurve(*) + * setEllipticCurve(*) + + + 7002 + com/google/cloud/security/privateca/v1/CaPool* + * getEllipticCurve*(*) + + + 7002 + com/google/cloud/security/privateca/v1/CaPool* + * setEllipticCurve*(*) + + + 8001 + com/google/cloud/security/privateca/v1/CaPool$IssuancePolicy$AllowedKeyType$NamedCurve + diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java index e6908030..28c0a744 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java @@ -154,9 +154,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * * * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* * @@ -181,9 +180,8 @@ public java.lang.String getName() { * * * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    *
* * @@ -262,8 +260,8 @@ public com.google.protobuf.ByteString getPemCaCertificateBytes() { * * * 
-   * Required. Must include information about the issuer of
-   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+   * further issuers until the self-signed CA.
    *
* * @@ -280,8 +278,8 @@ public boolean hasSubordinateConfig() { * * * 
-   * Required. Must include information about the issuer of
-   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+   * further issuers until the self-signed CA.
    *
* * @@ -300,8 +298,8 @@ public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateCo * * * 
-   * Required. Must include information about the issuer of
-   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+   * further issuers until the self-signed CA.
    *
* * @@ -320,10 +318,10 @@ public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateCo * * * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -353,10 +351,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -787,9 +785,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -813,9 +810,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -839,9 +835,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -864,9 +859,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -885,9 +879,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -1029,8 +1022,8 @@ public Builder setPemCaCertificateBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1046,8 +1039,8 @@ public boolean hasSubordinateConfig() {
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1069,8 +1062,8 @@ public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateCo
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1095,8 +1088,8 @@ public Builder setSubordinateConfig(
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1118,8 +1111,8 @@ public Builder setSubordinateConfig(
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1149,8 +1142,8 @@ public Builder mergeSubordinateConfig(
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1172,8 +1165,8 @@ public Builder clearSubordinateConfig() {
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1190,8 +1183,8 @@ public Builder clearSubordinateConfig() {
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1212,8 +1205,8 @@ public Builder clearSubordinateConfig() {
      *
      *
      * 
-     * Required. Must include information about the issuer of
-     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+     * further issuers until the self-signed CA.
      * 

      *
      * 
@@ -1242,10 +1235,10 @@ public Builder clearSubordinateConfig() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1274,10 +1267,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1306,10 +1299,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1337,10 +1330,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1364,10 +1357,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java
index 7747b9dc..afa75fdf 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -87,8 +85,8 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. Must include information about the issuer of
-   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+   * further issuers until the self-signed CA.
    * 

    *
    * 
@@ -102,8 +100,8 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. Must include information about the issuer of
-   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+   * further issuers until the self-signed CA.
    * 

    *
    * 
@@ -117,8 +115,8 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. Must include information about the issuer of
-   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * Required. Must include information about the issuer of 'pem_ca_certificate', and any
+   * further issuers until the self-signed CA.
    * 

    *
    * 
@@ -131,10 +129,10 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -153,10 +151,10 @@ public interface ActivateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java
index cd40aefc..22262c89 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java
@@ -1672,7 +1672,7 @@ public interface AllowedKeyTypeOrBuilder
        * 

        *
        * 
-       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
        * 
        *
        * @return Whether the ellipticCurve field is set.
@@ -1686,12 +1686,13 @@ public interface AllowedKeyTypeOrBuilder
        * 

        *
        * 
-       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
        * 
        *
-       * @return The enum numeric value on the wire for ellipticCurve.
+       * @return The ellipticCurve.
        */
-      int getEllipticCurveValue();
+      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+          getEllipticCurve();
       /**
        *
        *
@@ -1700,13 +1701,11 @@ public interface AllowedKeyTypeOrBuilder
        * 

        *
        * 
-       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
        * 
-       *
-       * @return The ellipticCurve.
        */
-      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
-          getEllipticCurve();
+      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyTypeOrBuilder
+          getEllipticCurveOrBuilder();
 
       public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.KeyTypeCase
           getKeyTypeCase();
@@ -1792,11 +1791,31 @@ private AllowedKeyType(
                   keyTypeCase_ = 1;
                   break;
                 }
-              case 16:
+              case 18:
                 {
-                  int rawValue = input.readEnum();
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .EcKeyType.Builder
+                      subBuilder = null;
+                  if (keyTypeCase_ == 2) {
+                    subBuilder =
+                        ((com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                                    .AllowedKeyType.EcKeyType)
+                                keyType_)
+                            .toBuilder();
+                  }
+                  keyType_ =
+                      input.readMessage(
+                          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                              .AllowedKeyType.EcKeyType.parser(),
+                          extensionRegistry);
+                  if (subBuilder != null) {
+                    subBuilder.mergeFrom(
+                        (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                                .EcKeyType)
+                            keyType_);
+                    keyType_ = subBuilder.buildPartial();
+                  }
                   keyTypeCase_ = 2;
-                  keyType_ = rawValue;
                   break;
                 }
               default:
@@ -1835,191 +1854,6 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
                     .class);
       }
 
-      /**
-       *
-       *
-       * 
-       * Describes a named Elliptic Curve that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
-       * issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
-       * 

-       *
-       * Protobuf enum {@code
-       * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve}
-       */
-      public enum NamedCurve implements com.google.protobuf.ProtocolMessageEnum {
-        /**
-         *
-         *
-         * 
-         * Not specified.
-         * 

-         *
-         * NAMED_CURVE_UNSPECIFIED = 0;
-         */
-        NAMED_CURVE_UNSPECIFIED(0),
-        /**
-         *
-         *
-         * 
-         * Refers to the NIST P-256 curve.
-         * 

-         *
-         * ECDSA_P256 = 2;
-         */
-        ECDSA_P256(2),
-        /**
-         *
-         *
-         * 
-         * Refers to the NIST P-384 curve.
-         * 

-         *
-         * ECDSA_P384 = 3;
-         */
-        ECDSA_P384(3),
-        /**
-         *
-         *
-         * 
-         * Refers to the Ed25519 curve, as described in RFC 8410.
-         * 

-         *
-         * EDDSA_25519 = 4;
-         */
-        EDDSA_25519(4),
-        UNRECOGNIZED(-1),
-        ;
-
-        /**
-         *
-         *
-         * 
-         * Not specified.
-         * 

-         *
-         * NAMED_CURVE_UNSPECIFIED = 0;
-         */
-        public static final int NAMED_CURVE_UNSPECIFIED_VALUE = 0;
-        /**
-         *
-         *
-         * 
-         * Refers to the NIST P-256 curve.
-         * 

-         *
-         * ECDSA_P256 = 2;
-         */
-        public static final int ECDSA_P256_VALUE = 2;
-        /**
-         *
-         *
-         * 
-         * Refers to the NIST P-384 curve.
-         * 

-         *
-         * ECDSA_P384 = 3;
-         */
-        public static final int ECDSA_P384_VALUE = 3;
-        /**
-         *
-         *
-         * 
-         * Refers to the Ed25519 curve, as described in RFC 8410.
-         * 

-         *
-         * EDDSA_25519 = 4;
-         */
-        public static final int EDDSA_25519_VALUE = 4;
-
-        public final int getNumber() {
-          if (this == UNRECOGNIZED) {
-            throw new java.lang.IllegalArgumentException(
-                "Can't get the number of an unknown enum value.");
-          }
-          return value;
-        }
-
-        /**
-         * @param value The numeric wire value of the corresponding enum entry.
-         * @return The enum associated with the given numeric wire value.
-         * @deprecated Use {@link #forNumber(int)} instead.
-         */
-        @java.lang.Deprecated
-        public static NamedCurve valueOf(int value) {
-          return forNumber(value);
-        }
-
-        /**
-         * @param value The numeric wire value of the corresponding enum entry.
-         * @return The enum associated with the given numeric wire value.
-         */
-        public static NamedCurve forNumber(int value) {
-          switch (value) {
-            case 0:
-              return NAMED_CURVE_UNSPECIFIED;
-            case 2:
-              return ECDSA_P256;
-            case 3:
-              return ECDSA_P384;
-            case 4:
-              return EDDSA_25519;
-            default:
-              return null;
-          }
-        }
-
-        public static com.google.protobuf.Internal.EnumLiteMap internalGetValueMap() {
-          return internalValueMap;
-        }
-
-        private static final com.google.protobuf.Internal.EnumLiteMap internalValueMap =
-            new com.google.protobuf.Internal.EnumLiteMap() {
-              public NamedCurve findValueByNumber(int number) {
-                return NamedCurve.forNumber(number);
-              }
-            };
-
-        public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
-          if (this == UNRECOGNIZED) {
-            throw new java.lang.IllegalStateException(
-                "Can't get the descriptor of an unrecognized enum value.");
-          }
-          return getDescriptor().getValues().get(ordinal());
-        }
-
-        public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
-          return getDescriptor();
-        }
-
-        public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
-          return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-              .getDescriptor()
-              .getEnumTypes()
-              .get(0);
-        }
-
-        private static final NamedCurve[] VALUES = values();
-
-        public static NamedCurve valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
-          if (desc.getType() != getDescriptor()) {
-            throw new java.lang.IllegalArgumentException(
-                "EnumValueDescriptor is not for this type.");
-          }
-          if (desc.getIndex() == -1) {
-            return UNRECOGNIZED;
-          }
-          return VALUES[desc.getIndex()];
-        }
-
-        private final int value;
-
-        private NamedCurve(int value) {
-          this.value = value;
-        }
-
-        // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve)
-      }
-
       public interface RsaKeyTypeOrBuilder
           extends
           // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
@@ -2571,14 +2405,956 @@ public Builder mergeFrom(
               com.google.protobuf.CodedInputStream input,
               com.google.protobuf.ExtensionRegistryLite extensionRegistry)
               throws java.io.IOException {
-            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                parsedMessage = null;
+            try {
+              parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+            } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+              parsedMessage =
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .RsaKeyType)
+                      e.getUnfinishedMessage();
+              throw e.unwrapIOException();
+            } finally {
+              if (parsedMessage != null) {
+                mergeFrom(parsedMessage);
+              }
+            }
+            return this;
+          }
+
+          private long minModulusSize_;
+          /**
+           *
+           *
+           * 
+           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service-level min RSA modulus size will
+           * continue to apply.
+           * 

+           *
+           * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];
+           *
+           * @return The minModulusSize.
+           */
+          @java.lang.Override
+          public long getMinModulusSize() {
+            return minModulusSize_;
+          }
+          /**
+           *
+           *
+           * 
+           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service-level min RSA modulus size will
+           * continue to apply.
+           * 

+           *
+           * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];
+           *
+           * @param value The minModulusSize to set.
+           * @return This builder for chaining.
+           */
+          public Builder setMinModulusSize(long value) {
+
+            minModulusSize_ = value;
+            onChanged();
+            return this;
+          }
+          /**
+           *
+           *
+           * 
+           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service-level min RSA modulus size will
+           * continue to apply.
+           * 

+           *
+           * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];
+           *
+           * @return This builder for chaining.
+           */
+          public Builder clearMinModulusSize() {
+
+            minModulusSize_ = 0L;
+            onChanged();
+            return this;
+          }
+
+          private long maxModulusSize_;
+          /**
+           *
+           *
+           * 
+           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service will not enforce an explicit upper
+           * bound on RSA modulus sizes.
+           * 

+           *
+           * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];
+           *
+           * @return The maxModulusSize.
+           */
+          @java.lang.Override
+          public long getMaxModulusSize() {
+            return maxModulusSize_;
+          }
+          /**
+           *
+           *
+           * 
+           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service will not enforce an explicit upper
+           * bound on RSA modulus sizes.
+           * 

+           *
+           * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];
+           *
+           * @param value The maxModulusSize to set.
+           * @return This builder for chaining.
+           */
+          public Builder setMaxModulusSize(long value) {
+
+            maxModulusSize_ = value;
+            onChanged();
+            return this;
+          }
+          /**
+           *
+           *
+           * 
+           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service will not enforce an explicit upper
+           * bound on RSA modulus sizes.
+           * 

+           *
+           * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];
+           *
+           * @return This builder for chaining.
+           */
+          public Builder clearMaxModulusSize() {
+
+            maxModulusSize_ = 0L;
+            onChanged();
+            return this;
+          }
+
+          @java.lang.Override
+          public final Builder setUnknownFields(
+              final com.google.protobuf.UnknownFieldSet unknownFields) {
+            return super.setUnknownFields(unknownFields);
+          }
+
+          @java.lang.Override
+          public final Builder mergeUnknownFields(
+              final com.google.protobuf.UnknownFieldSet unknownFields) {
+            return super.mergeUnknownFields(unknownFields);
+          }
+
+          // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+        }
+
+        // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+        private static final com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                .AllowedKeyType.RsaKeyType
+            DEFAULT_INSTANCE;
+
+        static {
+          DEFAULT_INSTANCE =
+              new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType();
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            getDefaultInstance() {
+          return DEFAULT_INSTANCE;
+        }
+
+        private static final com.google.protobuf.Parser PARSER =
+            new com.google.protobuf.AbstractParser() {
+              @java.lang.Override
+              public RsaKeyType parsePartialFrom(
+                  com.google.protobuf.CodedInputStream input,
+                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                  throws com.google.protobuf.InvalidProtocolBufferException {
+                return new RsaKeyType(input, extensionRegistry);
+              }
+            };
+
+        public static com.google.protobuf.Parser parser() {
+          return PARSER;
+        }
+
+        @java.lang.Override
+        public com.google.protobuf.Parser getParserForType() {
+          return PARSER;
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            getDefaultInstanceForType() {
+          return DEFAULT_INSTANCE;
+        }
+      }
+
+      public interface EcKeyTypeOrBuilder
+          extends
+          // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType)
+          com.google.protobuf.MessageOrBuilder {
+
+        /**
+         *
+         *
+         * 
+         * Optional. A signature algorithm that must be used. If this is omitted, any
+         * EC-based signature algorithm will be allowed.
+         * 

+         *
+         * 
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+         * 
+         *
+         * @return The enum numeric value on the wire for signatureAlgorithm.
+         */
+        int getSignatureAlgorithmValue();
+        /**
+         *
+         *
+         * 
+         * Optional. A signature algorithm that must be used. If this is omitted, any
+         * EC-based signature algorithm will be allowed.
+         * 

+         *
+         * 
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+         * 
+         *
+         * @return The signatureAlgorithm.
+         */
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                .EcSignatureAlgorithm
+            getSignatureAlgorithm();
+      }
+      /**
+       *
+       *
+       * 
+       * Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
+       * issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * 

+       *
+       * Protobuf type {@code
+       * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType}
+       */
+      public static final class EcKeyType extends com.google.protobuf.GeneratedMessageV3
+          implements
+          // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType)
+          EcKeyTypeOrBuilder {
+        private static final long serialVersionUID = 0L;
+        // Use EcKeyType.newBuilder() to construct.
+        private EcKeyType(com.google.protobuf.GeneratedMessageV3.Builder builder) {
+          super(builder);
+        }
+
+        private EcKeyType() {
+          signatureAlgorithm_ = 0;
+        }
+
+        @java.lang.Override
+        @SuppressWarnings({"unused"})
+        protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+          return new EcKeyType();
+        }
+
+        @java.lang.Override
+        public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+          return this.unknownFields;
+        }
+
+        private EcKeyType(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          this();
+          if (extensionRegistry == null) {
+            throw new java.lang.NullPointerException();
+          }
+          com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+              com.google.protobuf.UnknownFieldSet.newBuilder();
+          try {
+            boolean done = false;
+            while (!done) {
+              int tag = input.readTag();
+              switch (tag) {
+                case 0:
+                  done = true;
+                  break;
+                case 8:
+                  {
+                    int rawValue = input.readEnum();
+
+                    signatureAlgorithm_ = rawValue;
+                    break;
+                  }
+                default:
+                  {
+                    if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                      done = true;
+                    }
+                    break;
+                  }
+              }
+            }
+          } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+            throw e.setUnfinishedMessage(this);
+          } catch (java.io.IOException e) {
+            throw new com.google.protobuf.InvalidProtocolBufferException(e)
+                .setUnfinishedMessage(this);
+          } finally {
+            this.unknownFields = unknownFields.build();
+            makeExtensionsImmutable();
+          }
+        }
+
+        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_descriptor;
+        }
+
+        @java.lang.Override
+        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+            internalGetFieldAccessorTable() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_fieldAccessorTable
+              .ensureFieldAccessorsInitialized(
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .EcKeyType.class,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .EcKeyType.Builder.class);
+        }
+
+        /**
+         *
+         *
+         * 
+         * Describes an elliptic curve-based signature algorithm that may be
+         * used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+         * 

+         *
+         * Protobuf enum {@code
+         * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm}
+         */
+        public enum EcSignatureAlgorithm implements com.google.protobuf.ProtocolMessageEnum {
+          /**
+           *
+           *
+           * 
+           * Not specified. Signifies that any signature algorithm may be used.
+           * 

+           *
+           * EC_SIGNATURE_ALGORITHM_UNSPECIFIED = 0;
+           */
+          EC_SIGNATURE_ALGORITHM_UNSPECIFIED(0),
+          /**
+           *
+           *
+           * 
+           * Refers to the Elliptic Curve Digital Signature Algorithm over the
+           * NIST P-256 curve.
+           * 

+           *
+           * ECDSA_P256 = 1;
+           */
+          ECDSA_P256(1),
+          /**
+           *
+           *
+           * 
+           * Refers to the Elliptic Curve Digital Signature Algorithm over the
+           * NIST P-384 curve.
+           * 

+           *
+           * ECDSA_P384 = 2;
+           */
+          ECDSA_P384(2),
+          /**
+           *
+           *
+           * 
+           * Refers to the Edwards-curve Digital Signature Algorithm over curve
+           * 25519, as described in RFC 8410.
+           * 

+           *
+           * EDDSA_25519 = 3;
+           */
+          EDDSA_25519(3),
+          UNRECOGNIZED(-1),
+          ;
+
+          /**
+           *
+           *
+           * 
+           * Not specified. Signifies that any signature algorithm may be used.
+           * 

+           *
+           * EC_SIGNATURE_ALGORITHM_UNSPECIFIED = 0;
+           */
+          public static final int EC_SIGNATURE_ALGORITHM_UNSPECIFIED_VALUE = 0;
+          /**
+           *
+           *
+           * 
+           * Refers to the Elliptic Curve Digital Signature Algorithm over the
+           * NIST P-256 curve.
+           * 

+           *
+           * ECDSA_P256 = 1;
+           */
+          public static final int ECDSA_P256_VALUE = 1;
+          /**
+           *
+           *
+           * 
+           * Refers to the Elliptic Curve Digital Signature Algorithm over the
+           * NIST P-384 curve.
+           * 

+           *
+           * ECDSA_P384 = 2;
+           */
+          public static final int ECDSA_P384_VALUE = 2;
+          /**
+           *
+           *
+           * 
+           * Refers to the Edwards-curve Digital Signature Algorithm over curve
+           * 25519, as described in RFC 8410.
+           * 

+           *
+           * EDDSA_25519 = 3;
+           */
+          public static final int EDDSA_25519_VALUE = 3;
+
+          public final int getNumber() {
+            if (this == UNRECOGNIZED) {
+              throw new java.lang.IllegalArgumentException(
+                  "Can't get the number of an unknown enum value.");
+            }
+            return value;
+          }
+
+          /**
+           * @param value The numeric wire value of the corresponding enum entry.
+           * @return The enum associated with the given numeric wire value.
+           * @deprecated Use {@link #forNumber(int)} instead.
+           */
+          @java.lang.Deprecated
+          public static EcSignatureAlgorithm valueOf(int value) {
+            return forNumber(value);
+          }
+
+          /**
+           * @param value The numeric wire value of the corresponding enum entry.
+           * @return The enum associated with the given numeric wire value.
+           */
+          public static EcSignatureAlgorithm forNumber(int value) {
+            switch (value) {
+              case 0:
+                return EC_SIGNATURE_ALGORITHM_UNSPECIFIED;
+              case 1:
+                return ECDSA_P256;
+              case 2:
+                return ECDSA_P384;
+              case 3:
+                return EDDSA_25519;
+              default:
+                return null;
+            }
+          }
+
+          public static com.google.protobuf.Internal.EnumLiteMap
+              internalGetValueMap() {
+            return internalValueMap;
+          }
+
+          private static final com.google.protobuf.Internal.EnumLiteMap
+              internalValueMap =
+                  new com.google.protobuf.Internal.EnumLiteMap() {
+                    public EcSignatureAlgorithm findValueByNumber(int number) {
+                      return EcSignatureAlgorithm.forNumber(number);
+                    }
+                  };
+
+          public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+            if (this == UNRECOGNIZED) {
+              throw new java.lang.IllegalStateException(
+                  "Can't get the descriptor of an unrecognized enum value.");
+            }
+            return getDescriptor().getValues().get(ordinal());
+          }
+
+          public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+            return getDescriptor();
+          }
+
+          public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType.getDescriptor()
+                .getEnumTypes()
+                .get(0);
+          }
+
+          private static final EcSignatureAlgorithm[] VALUES = values();
+
+          public static EcSignatureAlgorithm valueOf(
+              com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+            if (desc.getType() != getDescriptor()) {
+              throw new java.lang.IllegalArgumentException(
+                  "EnumValueDescriptor is not for this type.");
+            }
+            if (desc.getIndex() == -1) {
+              return UNRECOGNIZED;
+            }
+            return VALUES[desc.getIndex()];
+          }
+
+          private final int value;
+
+          private EcSignatureAlgorithm(int value) {
+            this.value = value;
+          }
+
+          // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm)
+        }
+
+        public static final int SIGNATURE_ALGORITHM_FIELD_NUMBER = 1;
+        private int signatureAlgorithm_;
+        /**
+         *
+         *
+         * 
+         * Optional. A signature algorithm that must be used. If this is omitted, any
+         * EC-based signature algorithm will be allowed.
+         * 

+         *
+         * 
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+         * 
+         *
+         * @return The enum numeric value on the wire for signatureAlgorithm.
+         */
+        @java.lang.Override
+        public int getSignatureAlgorithmValue() {
+          return signatureAlgorithm_;
+        }
+        /**
+         *
+         *
+         * 
+         * Optional. A signature algorithm that must be used. If this is omitted, any
+         * EC-based signature algorithm will be allowed.
+         * 

+         *
+         * 
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+         * 
+         *
+         * @return The signatureAlgorithm.
+         */
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                .EcSignatureAlgorithm
+            getSignatureAlgorithm() {
+          @SuppressWarnings("deprecation")
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                  .EcSignatureAlgorithm
+              result =
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .EcKeyType.EcSignatureAlgorithm.valueOf(signatureAlgorithm_);
+          return result == null
+              ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType.EcSignatureAlgorithm.UNRECOGNIZED
+              : result;
+        }
+
+        private byte memoizedIsInitialized = -1;
+
+        @java.lang.Override
+        public final boolean isInitialized() {
+          byte isInitialized = memoizedIsInitialized;
+          if (isInitialized == 1) return true;
+          if (isInitialized == 0) return false;
+
+          memoizedIsInitialized = 1;
+          return true;
+        }
+
+        @java.lang.Override
+        public void writeTo(com.google.protobuf.CodedOutputStream output)
+            throws java.io.IOException {
+          if (signatureAlgorithm_
+              != com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType.EcSignatureAlgorithm.EC_SIGNATURE_ALGORITHM_UNSPECIFIED
+                  .getNumber()) {
+            output.writeEnum(1, signatureAlgorithm_);
+          }
+          unknownFields.writeTo(output);
+        }
+
+        @java.lang.Override
+        public int getSerializedSize() {
+          int size = memoizedSize;
+          if (size != -1) return size;
+
+          size = 0;
+          if (signatureAlgorithm_
+              != com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType.EcSignatureAlgorithm.EC_SIGNATURE_ALGORITHM_UNSPECIFIED
+                  .getNumber()) {
+            size += com.google.protobuf.CodedOutputStream.computeEnumSize(1, signatureAlgorithm_);
+          }
+          size += unknownFields.getSerializedSize();
+          memoizedSize = size;
+          return size;
+        }
+
+        @java.lang.Override
+        public boolean equals(final java.lang.Object obj) {
+          if (obj == this) {
+            return true;
+          }
+          if (!(obj
+              instanceof
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType)) {
+            return super.equals(obj);
+          }
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+              other =
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .EcKeyType)
+                      obj;
+
+          if (signatureAlgorithm_ != other.signatureAlgorithm_) return false;
+          if (!unknownFields.equals(other.unknownFields)) return false;
+          return true;
+        }
+
+        @java.lang.Override
+        public int hashCode() {
+          if (memoizedHashCode != 0) {
+            return memoizedHashCode;
+          }
+          int hash = 41;
+          hash = (19 * hash) + getDescriptor().hashCode();
+          hash = (37 * hash) + SIGNATURE_ALGORITHM_FIELD_NUMBER;
+          hash = (53 * hash) + signatureAlgorithm_;
+          hash = (29 * hash) + unknownFields.hashCode();
+          memoizedHashCode = hash;
+          return hash;
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(java.nio.ByteBuffer data)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(
+                java.nio.ByteBuffer data,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(com.google.protobuf.ByteString data)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(
+                com.google.protobuf.ByteString data,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(java.io.InputStream input) throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(
+                java.io.InputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+              PARSER, input, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+              PARSER, input);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseDelimitedFrom(
+                java.io.InputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+              PARSER, input, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType
+            parseFrom(
+                com.google.protobuf.CodedInputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+              PARSER, input, extensionRegistry);
+        }
+
+        @java.lang.Override
+        public Builder newBuilderForType() {
+          return newBuilder();
+        }
+
+        public static Builder newBuilder() {
+          return DEFAULT_INSTANCE.toBuilder();
+        }
+
+        public static Builder newBuilder(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                prototype) {
+          return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+        }
+
+        @java.lang.Override
+        public Builder toBuilder() {
+          return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+        }
+
+        @java.lang.Override
+        protected Builder newBuilderForType(
+            com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+          Builder builder = new Builder(parent);
+          return builder;
+        }
+        /**
+         *
+         *
+         * 
+         * Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
+         * issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+         * 

+         *
+         * Protobuf type {@code
+         * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType}
+         */
+        public static final class Builder
+            extends com.google.protobuf.GeneratedMessageV3.Builder
+            implements
+            // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType)
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyTypeOrBuilder {
+          public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+            return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_descriptor;
+          }
+
+          @java.lang.Override
+          protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+              internalGetFieldAccessorTable() {
+            return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_fieldAccessorTable
+                .ensureFieldAccessorsInitialized(
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .EcKeyType.class,
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .EcKeyType.Builder.class);
+          }
+
+          // Construct using
+          // com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.newBuilder()
+          private Builder() {
+            maybeForceBuilderInitialization();
+          }
+
+          private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+            super(parent);
+            maybeForceBuilderInitialization();
+          }
+
+          private void maybeForceBuilderInitialization() {
+            if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+          }
+
+          @java.lang.Override
+          public Builder clear() {
+            super.clear();
+            signatureAlgorithm_ = 0;
+
+            return this;
+          }
+
+          @java.lang.Override
+          public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+            return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_descriptor;
+          }
+
+          @java.lang.Override
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType
+              getDefaultInstanceForType() {
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType.getDefaultInstance();
+          }
+
+          @java.lang.Override
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType
+              build() {
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                result = buildPartial();
+            if (!result.isInitialized()) {
+              throw newUninitializedMessageException(result);
+            }
+            return result;
+          }
+
+          @java.lang.Override
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType
+              buildPartial() {
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                result =
+                    new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .EcKeyType(this);
+            result.signatureAlgorithm_ = signatureAlgorithm_;
+            onBuilt();
+            return result;
+          }
+
+          @java.lang.Override
+          public Builder clone() {
+            return super.clone();
+          }
+
+          @java.lang.Override
+          public Builder setField(
+              com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+            return super.setField(field, value);
+          }
+
+          @java.lang.Override
+          public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+            return super.clearField(field);
+          }
+
+          @java.lang.Override
+          public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+            return super.clearOneof(oneof);
+          }
+
+          @java.lang.Override
+          public Builder setRepeatedField(
+              com.google.protobuf.Descriptors.FieldDescriptor field,
+              int index,
+              java.lang.Object value) {
+            return super.setRepeatedField(field, index, value);
+          }
+
+          @java.lang.Override
+          public Builder addRepeatedField(
+              com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+            return super.addRepeatedField(field, value);
+          }
+
+          @java.lang.Override
+          public Builder mergeFrom(com.google.protobuf.Message other) {
+            if (other
+                instanceof
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .EcKeyType) {
+              return mergeFrom(
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .EcKeyType)
+                      other);
+            } else {
+              super.mergeFrom(other);
+              return this;
+            }
+          }
+
+          public Builder mergeFrom(
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                  other) {
+            if (other
+                == com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .EcKeyType.getDefaultInstance()) return this;
+            if (other.signatureAlgorithm_ != 0) {
+              setSignatureAlgorithmValue(other.getSignatureAlgorithmValue());
+            }
+            this.mergeUnknownFields(other.unknownFields);
+            onChanged();
+            return this;
+          }
+
+          @java.lang.Override
+          public final boolean isInitialized() {
+            return true;
+          }
+
+          @java.lang.Override
+          public Builder mergeFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
                 parsedMessage = null;
             try {
               parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
             } catch (com.google.protobuf.InvalidProtocolBufferException e) {
               parsedMessage =
                   (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-                          .RsaKeyType)
+                          .EcKeyType)
                       e.getUnfinishedMessage();
               throw e.unwrapIOException();
             } finally {
@@ -2589,99 +3365,99 @@ public Builder mergeFrom(
             return this;
           }
 
-          private long minModulusSize_;
+          private int signatureAlgorithm_ = 0;
           /**
            *
            *
            * 
-           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service-level min RSA modulus size will
-           * continue to apply.
+           * Optional. A signature algorithm that must be used. If this is omitted, any
+           * EC-based signature algorithm will be allowed.
            * 

            *
-           * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
+           * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
            *
-           * @return The minModulusSize.
+           * @return The enum numeric value on the wire for signatureAlgorithm.
            */
           @java.lang.Override
-          public long getMinModulusSize() {
-            return minModulusSize_;
-          }
-          /**
-           *
-           *
-           * 
-           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service-level min RSA modulus size will
-           * continue to apply.
-           * 

-           *
-           * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];
-           *
-           * @param value The minModulusSize to set.
-           * @return This builder for chaining.
-           */
-          public Builder setMinModulusSize(long value) {
-
-            minModulusSize_ = value;
-            onChanged();
-            return this;
+          public int getSignatureAlgorithmValue() {
+            return signatureAlgorithm_;
           }
           /**
            *
            *
            * 
-           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service-level min RSA modulus size will
-           * continue to apply.
+           * Optional. A signature algorithm that must be used. If this is omitted, any
+           * EC-based signature algorithm will be allowed.
            * 

            *
-           * int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
+           * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
            *
+           * @param value The enum numeric value on the wire for signatureAlgorithm to set.
            * @return This builder for chaining.
            */
-          public Builder clearMinModulusSize() {
+          public Builder setSignatureAlgorithmValue(int value) {
 
-            minModulusSize_ = 0L;
+            signatureAlgorithm_ = value;
             onChanged();
             return this;
           }
-
-          private long maxModulusSize_;
           /**
            *
            *
            * 
-           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service will not enforce an explicit upper
-           * bound on RSA modulus sizes.
+           * Optional. A signature algorithm that must be used. If this is omitted, any
+           * EC-based signature algorithm will be allowed.
            * 

            *
-           * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];
+           * 
+           * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
            *
-           * @return The maxModulusSize.
+           * @return The signatureAlgorithm.
            */
           @java.lang.Override
-          public long getMaxModulusSize() {
-            return maxModulusSize_;
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType.EcSignatureAlgorithm
+              getSignatureAlgorithm() {
+            @SuppressWarnings("deprecation")
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                    .EcSignatureAlgorithm
+                result =
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .EcKeyType.EcSignatureAlgorithm.valueOf(signatureAlgorithm_);
+            return result == null
+                ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .EcKeyType.EcSignatureAlgorithm.UNRECOGNIZED
+                : result;
           }
           /**
            *
            *
            * 
-           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service will not enforce an explicit upper
-           * bound on RSA modulus sizes.
+           * Optional. A signature algorithm that must be used. If this is omitted, any
+           * EC-based signature algorithm will be allowed.
            * 

            *
-           * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];
+           * 
+           * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
            *
-           * @param value The maxModulusSize to set.
+           * @param value The signatureAlgorithm to set.
            * @return This builder for chaining.
            */
-          public Builder setMaxModulusSize(long value) {
+          public Builder setSignatureAlgorithm(
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+                      .EcSignatureAlgorithm
+                  value) {
+            if (value == null) {
+              throw new NullPointerException();
+            }
 
-            maxModulusSize_ = value;
+            signatureAlgorithm_ = value.getNumber();
             onChanged();
             return this;
           }
@@ -2689,18 +3465,19 @@ public Builder setMaxModulusSize(long value) {
            *
            *
            * 
-           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
-           * or if set to zero, the service will not enforce an explicit upper
-           * bound on RSA modulus sizes.
+           * Optional. A signature algorithm that must be used. If this is omitted, any
+           * EC-based signature algorithm will be allowed.
            * 

            *
-           * int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];
+           * 
+           * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType.EcSignatureAlgorithm signature_algorithm = 1 [(.google.api.field_behavior) = OPTIONAL];
+           * 
            *
            * @return This builder for chaining.
            */
-          public Builder clearMaxModulusSize() {
+          public Builder clearSignatureAlgorithm() {
 
-            maxModulusSize_ = 0L;
+            signatureAlgorithm_ = 0;
             onChanged();
             return this;
           }
@@ -2717,49 +3494,48 @@ public final Builder mergeUnknownFields(
             return super.mergeUnknownFields(unknownFields);
           }
 
-          // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+          // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType)
         }
 
-        // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+        // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType)
         private static final com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
-                .AllowedKeyType.RsaKeyType
+                .AllowedKeyType.EcKeyType
             DEFAULT_INSTANCE;
 
         static {
           DEFAULT_INSTANCE =
               new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-                  .RsaKeyType();
+                  .EcKeyType();
         }
 
         public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-                .RsaKeyType
+                .EcKeyType
             getDefaultInstance() {
           return DEFAULT_INSTANCE;
         }
 
-        private static final com.google.protobuf.Parser PARSER =
-            new com.google.protobuf.AbstractParser() {
+        private static final com.google.protobuf.Parser PARSER =
+            new com.google.protobuf.AbstractParser() {
               @java.lang.Override
-              public RsaKeyType parsePartialFrom(
+              public EcKeyType parsePartialFrom(
                   com.google.protobuf.CodedInputStream input,
                   com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                   throws com.google.protobuf.InvalidProtocolBufferException {
-                return new RsaKeyType(input, extensionRegistry);
+                return new EcKeyType(input, extensionRegistry);
               }
             };
 
-        public static com.google.protobuf.Parser parser() {
+        public static com.google.protobuf.Parser parser() {
           return PARSER;
         }
 
         @java.lang.Override
-        public com.google.protobuf.Parser getParserForType() {
+        public com.google.protobuf.Parser getParserForType() {
           return PARSER;
         }
 
         @java.lang.Override
-        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-                .RsaKeyType
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
             getDefaultInstanceForType() {
           return DEFAULT_INSTANCE;
         }
@@ -2887,11 +3663,12 @@ public boolean hasRsa() {
        * 

        *
        * 
-       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
        * 
        *
        * @return Whether the ellipticCurve field is set.
        */
+      @java.lang.Override
       public boolean hasEllipticCurve() {
         return keyTypeCase_ == 2;
       }
@@ -2903,16 +3680,21 @@ public boolean hasEllipticCurve() {
        * 

        *
        * 
-       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
        * 
        *
-       * @return The enum numeric value on the wire for ellipticCurve.
+       * @return The ellipticCurve.
        */
-      public int getEllipticCurveValue() {
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+          getEllipticCurve() {
         if (keyTypeCase_ == 2) {
-          return (java.lang.Integer) keyType_;
+          return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType)
+              keyType_;
         }
-        return 0;
+        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+            .getDefaultInstance();
       }
       /**
        *
@@ -2922,26 +3704,20 @@ public int getEllipticCurveValue() {
        * 

        *
        * 
-       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
        * 
-       *
-       * @return The ellipticCurve.
        */
-      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
-          getEllipticCurve() {
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              .EcKeyTypeOrBuilder
+          getEllipticCurveOrBuilder() {
         if (keyTypeCase_ == 2) {
-          @SuppressWarnings("deprecation")
-          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
-              result =
-                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-                      .NamedCurve.valueOf((java.lang.Integer) keyType_);
-          return result == null
-              ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-                  .NamedCurve.UNRECOGNIZED
-              : result;
+          return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .EcKeyType)
+              keyType_;
         }
-        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
-            .NamedCurve.NAMED_CURVE_UNSPECIFIED;
+        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+            .getDefaultInstance();
       }
 
       private byte memoizedIsInitialized = -1;
@@ -2966,7 +3742,11 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io
                   keyType_);
         }
         if (keyTypeCase_ == 2) {
-          output.writeEnum(2, ((java.lang.Integer) keyType_));
+          output.writeMessage(
+              2,
+              (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .EcKeyType)
+                  keyType_);
         }
         unknownFields.writeTo(output);
       }
@@ -2987,8 +3767,11 @@ public int getSerializedSize() {
         }
         if (keyTypeCase_ == 2) {
           size +=
-              com.google.protobuf.CodedOutputStream.computeEnumSize(
-                  2, ((java.lang.Integer) keyType_));
+              com.google.protobuf.CodedOutputStream.computeMessageSize(
+                  2,
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .EcKeyType)
+                      keyType_);
         }
         size += unknownFields.getSerializedSize();
         memoizedSize = size;
@@ -3014,7 +3797,7 @@ public boolean equals(final java.lang.Object obj) {
             if (!getRsa().equals(other.getRsa())) return false;
             break;
           case 2:
-            if (getEllipticCurveValue() != other.getEllipticCurveValue()) return false;
+            if (!getEllipticCurve().equals(other.getEllipticCurve())) return false;
             break;
           case 0:
           default:
@@ -3037,7 +3820,7 @@ public int hashCode() {
             break;
           case 2:
             hash = (37 * hash) + ELLIPTIC_CURVE_FIELD_NUMBER;
-            hash = (53 * hash) + getEllipticCurveValue();
+            hash = (53 * hash) + getEllipticCurve().hashCode();
             break;
           case 0:
           default:
@@ -3246,7 +4029,11 @@ public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTy
             }
           }
           if (keyTypeCase_ == 2) {
-            result.keyType_ = keyType_;
+            if (ellipticCurveBuilder_ == null) {
+              result.keyType_ = keyType_;
+            } else {
+              result.keyType_ = ellipticCurveBuilder_.build();
+            }
           }
           result.keyTypeCase_ = keyTypeCase_;
           onBuilt();
@@ -3315,7 +4102,7 @@ public Builder mergeFrom(
               }
             case ELLIPTIC_CURVE:
               {
-                setEllipticCurveValue(other.getEllipticCurveValue());
+                mergeEllipticCurve(other.getEllipticCurve());
                 break;
               }
             case KEYTYPE_NOT_SET:
@@ -3633,6 +4420,14 @@ public Builder clearRsa() {
           return rsaBuilder_;
         }
 
+        private com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .EcKeyType,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .EcKeyType.Builder,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .EcKeyTypeOrBuilder>
+            ellipticCurveBuilder_;
         /**
          *
          *
@@ -3641,7 +4436,7 @@ public Builder clearRsa() {
          * 

          *
          * 
-         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
          * 
          *
          * @return Whether the ellipticCurve field is set.
@@ -3658,17 +4453,29 @@ public boolean hasEllipticCurve() {
          * 

          *
          * 
-         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2;
          * 
          *
-         * @return The enum numeric value on the wire for ellipticCurve.
+         * @return The ellipticCurve.
          */
         @java.lang.Override
-        public int getEllipticCurveValue() {
-          if (keyTypeCase_ == 2) {
-            return ((java.lang.Integer) keyType_).intValue();
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType
+            getEllipticCurve() {
+          if (ellipticCurveBuilder_ == null) {
+            if (keyTypeCase_ == 2) {
+              return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .EcKeyType)
+                  keyType_;
+            }
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType.getDefaultInstance();
+          } else {
+            if (keyTypeCase_ == 2) {
+              return ellipticCurveBuilder_.getMessage();
+            }
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .EcKeyType.getDefaultInstance();
           }
-          return 0;
         }
         /**
          *
@@ -3678,16 +4485,22 @@ public int getEllipticCurveValue() {
          *
* * - * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2; + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; * - * - * @param value The enum numeric value on the wire for ellipticCurve to set. - * @return This builder for chaining. */ - public Builder setEllipticCurveValue(int value) { + public Builder setEllipticCurve( + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType + value) { + if (ellipticCurveBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + keyType_ = value; + onChanged(); + } else { + ellipticCurveBuilder_.setMessage(value); + } keyTypeCase_ = 2; - keyType_ = value; - onChanged(); return this; } /** @@ -3698,28 +4511,21 @@ public Builder setEllipticCurveValue(int value) { * * * - * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2; + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; * - * - * @return The ellipticCurve. */ - @java.lang.Override - public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType - .NamedCurve - getEllipticCurve() { - if (keyTypeCase_ == 2) { - @SuppressWarnings("deprecation") - com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve - result = - com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType - .NamedCurve.valueOf((java.lang.Integer) keyType_); - return result == null - ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType - .NamedCurve.UNRECOGNIZED - : result; + public Builder setEllipticCurve( + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType + .Builder + builderForValue) { + if (ellipticCurveBuilder_ == null) { + keyType_ = builderForValue.build(); + onChanged(); + } else { + ellipticCurveBuilder_.setMessage(builderForValue.build()); } - return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType - .NamedCurve.NAMED_CURVE_UNSPECIFIED; + keyTypeCase_ = 2; + return this; } /** * @@ -3729,21 +4535,36 @@ public Builder setEllipticCurveValue(int value) { * * * - * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2; + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; * - * - * @param value The ellipticCurve to set. - * @return This builder for chaining. */ - public Builder setEllipticCurve( - com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve + public Builder mergeEllipticCurve( + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType value) { - if (value == null) { - throw new NullPointerException(); + if (ellipticCurveBuilder_ == null) { + if (keyTypeCase_ == 2 + && keyType_ + != com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType.getDefaultInstance()) { + keyType_ = + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType.newBuilder( + (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy + .AllowedKeyType.EcKeyType) + keyType_) + .mergeFrom(value) + .buildPartial(); + } else { + keyType_ = value; + } + onChanged(); + } else { + if (keyTypeCase_ == 2) { + ellipticCurveBuilder_.mergeFrom(value); + } + ellipticCurveBuilder_.setMessage(value); } keyTypeCase_ = 2; - keyType_ = value.getNumber(); - onChanged(); return this; } /** @@ -3754,19 +4575,113 @@ public Builder setEllipticCurve( * * * - * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2; + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; * - * - * @return This builder for chaining. */ public Builder clearEllipticCurve() { - if (keyTypeCase_ == 2) { - keyTypeCase_ = 0; - keyType_ = null; - onChanged(); + if (ellipticCurveBuilder_ == null) { + if (keyTypeCase_ == 2) { + keyTypeCase_ = 0; + keyType_ = null; + onChanged(); + } + } else { + if (keyTypeCase_ == 2) { + keyTypeCase_ = 0; + keyType_ = null; + } + ellipticCurveBuilder_.clear(); } return this; } + /** + * + * + * 
+         * Represents an allowed Elliptic Curve key type.
+         *
+ * + * + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; + * + */ + public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType + .Builder + getEllipticCurveBuilder() { + return getEllipticCurveFieldBuilder().getBuilder(); + } + /** + * + * + * 
+         * Represents an allowed Elliptic Curve key type.
+         *
+ * + * + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; + * + */ + @java.lang.Override + public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyTypeOrBuilder + getEllipticCurveOrBuilder() { + if ((keyTypeCase_ == 2) && (ellipticCurveBuilder_ != null)) { + return ellipticCurveBuilder_.getMessageOrBuilder(); + } else { + if (keyTypeCase_ == 2) { + return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType) + keyType_; + } + return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType.getDefaultInstance(); + } + } + /** + * + * + * 
+         * Represents an allowed Elliptic Curve key type.
+         *
+ * + * + * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.EcKeyType elliptic_curve = 2; + * + */ + private com.google.protobuf.SingleFieldBuilderV3< + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType, + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType.Builder, + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyTypeOrBuilder> + getEllipticCurveFieldBuilder() { + if (ellipticCurveBuilder_ == null) { + if (!(keyTypeCase_ == 2)) { + keyType_ = + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType.getDefaultInstance(); + } + ellipticCurveBuilder_ = + new com.google.protobuf.SingleFieldBuilderV3< + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType, + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType.Builder, + com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyTypeOrBuilder>( + (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType + .EcKeyType) + keyType_, + getParentForChildren(), + isClean()); + keyType_ = null; + } + keyTypeCase_ = 2; + onChanged(); + ; + return ellipticCurveBuilder_; + } @java.lang.Override public final Builder setUnknownFields( diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java index 5f7c9e97..b3f85fcd 100644 --- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java +++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java @@ -151,8 +151,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { * * 
    * Required. The resource name of the location associated with the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-   * `projects/*/locations/*`.
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
    *
* * @@ -178,8 +177,7 @@ public java.lang.String getParent() { * * 
    * Required. The resource name of the location associated with the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-   * `projects/*/locations/*`.
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
    *
* * @@ -258,8 +256,7 @@ public com.google.protobuf.ByteString getCaPoolIdBytes() { * * * 
-   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-   * initial field values.
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    *
* * @@ -276,8 +273,7 @@ public boolean hasCaPool() { * * * 
-   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-   * initial field values.
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    *
* * @@ -296,8 +292,7 @@ public com.google.cloud.security.privateca.v1.CaPool getCaPool() { * * * 
-   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-   * initial field values.
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    *
* * @@ -315,10 +310,10 @@ public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder * * * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -348,10 +343,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -764,8 +759,7 @@ public Builder mergeFrom(
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-     * `projects/*/locations/*`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
      * 

      *
      * 
@@ -790,8 +784,7 @@ public java.lang.String getParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-     * `projects/*/locations/*`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
      * 

      *
      * 
@@ -816,8 +809,7 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-     * `projects/*/locations/*`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
      * 

      *
      * 
@@ -841,8 +833,7 @@ public Builder setParent(java.lang.String value) {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-     * `projects/*/locations/*`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
      * 

      *
      * 
@@ -862,8 +853,7 @@ public Builder clearParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-     * `projects/*/locations/*`.
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
      * 

      *
      * 
@@ -1005,8 +995,7 @@ public Builder setCaPoolIdBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1022,8 +1011,7 @@ public boolean hasCaPool() {
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1045,8 +1033,7 @@ public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1070,8 +1057,7 @@ public Builder setCaPool(com.google.cloud.security.privateca.v1.CaPool value) {
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1093,8 +1079,7 @@ public Builder setCaPool(
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1122,8 +1107,7 @@ public Builder mergeCaPool(com.google.cloud.security.privateca.v1.CaPool value)
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1145,8 +1129,7 @@ public Builder clearCaPool() {
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1162,8 +1145,7 @@ public com.google.cloud.security.privateca.v1.CaPool.Builder getCaPoolBuilder()
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1183,8 +1165,7 @@ public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder
      *
      *
      * 
-     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-     * initial field values.
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
      * 

      *
      * 
@@ -1213,10 +1194,10 @@ public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1245,10 +1226,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1277,10 +1258,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1308,10 +1289,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1335,10 +1316,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java
index eaad9d83..9abe15b3 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java
@@ -28,8 +28,7 @@ public interface CreateCaPoolRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-   * `projects/*/locations/*`.
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
    * 

    *
    * 
@@ -44,8 +43,7 @@ public interface CreateCaPoolRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-   * `projects/*/locations/*`.
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
    * 

    *
    * 
@@ -87,8 +85,7 @@ public interface CreateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-   * initial field values.
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    * 

    *
    * 
@@ -102,8 +99,7 @@ public interface CreateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-   * initial field values.
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    * 

    *
    * 
@@ -117,8 +113,7 @@ public interface CreateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-   * initial field values.
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
    * 

    *
    * 
@@ -131,10 +126,10 @@ public interface CreateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -153,10 +148,10 @@ public interface CreateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java
index 2236cfd9..f3396505 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java
@@ -152,10 +152,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -180,10 +179,9 @@ public java.lang.String getParent() {
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -262,9 +260,7 @@ public com.google.protobuf.ByteString getCertificateAuthorityIdBytes() {
    *
    *
    * 
-   * Required. A
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with initial field values.
+   * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    * 

    *
    * 
@@ -281,9 +277,7 @@ public boolean hasCertificateAuthority() {
    *
    *
    * 
-   * Required. A
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with initial field values.
+   * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    * 

    *
    * 
@@ -302,9 +296,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
    *
    *
    * 
-   * Required. A
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with initial field values.
+   * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    * 

    *
    * 
@@ -323,10 +315,10 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -356,10 +348,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -784,10 +776,9 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -811,10 +802,9 @@ public java.lang.String getParent() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -838,10 +828,9 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -864,10 +853,9 @@ public Builder setParent(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -886,10 +874,9 @@ public Builder clearParent() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -1031,9 +1018,7 @@ public Builder setCertificateAuthorityIdBytes(com.google.protobuf.ByteString val
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1049,9 +1034,7 @@ public boolean hasCertificateAuthority() {
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1073,9 +1056,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1100,9 +1081,7 @@ public Builder setCertificateAuthority(
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1124,9 +1103,7 @@ public Builder setCertificateAuthority(
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1156,9 +1133,7 @@ public Builder mergeCertificateAuthority(
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1180,9 +1155,7 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1199,9 +1172,7 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1222,9 +1193,7 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Required. A
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with initial field values.
+     * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
      * 

      *
      * 
@@ -1253,10 +1222,10 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1285,10 +1254,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1317,10 +1286,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1348,10 +1317,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1375,10 +1344,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java
index 822bfe0c..a41b9602 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java
@@ -27,10 +27,9 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -44,10 +43,9 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -89,9 +87,7 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. A
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with initial field values.
+   * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    * 

    *
    * 
@@ -105,9 +101,7 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. A
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with initial field values.
+   * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    * 

    *
    * 
@@ -121,9 +115,7 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. A
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with initial field values.
+   * Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
    * 

    *
    * 
@@ -137,10 +129,10 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -159,10 +151,10 @@ public interface CreateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java
index 32e7dc73..ca7eca2b 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java
@@ -22,8 +22,7 @@
  *
  *
  * 
- * Request message for
- * [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+ * Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
  * 

  *
  * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateRequest}
@@ -164,10 +163,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+   * in the format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -192,10 +189,8 @@ public java.lang.String getParent() {
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+   * in the format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -225,10 +220,8 @@ public com.google.protobuf.ByteString getParentBytes() {
    * 
    * Optional. It must be unique within a location and match the regular
    * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the Enterprise
-   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-   * optional and its value is ignored otherwise.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+   * but is optional and its value is ignored otherwise.
    * 

    *
    * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -253,10 +246,8 @@ public java.lang.String getCertificateId() {
    * 
    * Optional. It must be unique within a location and match the regular
    * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the Enterprise
-   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-   * optional and its value is ignored otherwise.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+   * but is optional and its value is ignored otherwise.
    * 

    *
    * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -282,8 +273,7 @@ public com.google.protobuf.ByteString getCertificateIdBytes() {
    *
    *
    * 
-   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with initial field values.
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
    * 

    *
    * 
@@ -300,8 +290,7 @@ public boolean hasCertificate() {
    *
    *
    * 
-   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with initial field values.
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
    * 

    *
    * 
@@ -320,8 +309,7 @@ public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
    *
    *
    * 
-   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with initial field values.
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
    * 

    *
    * 
@@ -339,10 +327,10 @@ public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificat
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -372,10 +360,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -408,15 +396,9 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
    *
    *
    * 
-   * Optional. If this is true, no
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
-   * be persisted regardless of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
-   * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
-   * contain the
-   * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
-   * field.
+   * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
+   * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
    * 

    *
    * bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];
@@ -434,24 +416,17 @@ public boolean getValidateOnly() {
    *
    *
    * 
-   * Optional. The resource ID of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * that should issue the certificate.  This optional field will ignore the
-   * load-balancing scheme of the Pool and directly issue the certificate from
-   * the CA with the specified ID, contained in the same
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-   * Per-CA quota rules apply. If left empty, a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-   * by the service. For example, to issue a
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-   * Certificate Authority with resource name
+   * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+   * certificate.  This optional field will ignore the load-balancing scheme of
+   * the Pool and directly issue the certificate from the CA with the specified
+   * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+   * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+   * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+   * a Certificate Authority with resource name
    * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-   * you can set the
-   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-   * to "my-ca".
+   * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+   * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
    * 

    *
    * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -475,24 +450,17 @@ public java.lang.String getIssuingCertificateAuthorityId() {
    *
    *
    * 
-   * Optional. The resource ID of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * that should issue the certificate.  This optional field will ignore the
-   * load-balancing scheme of the Pool and directly issue the certificate from
-   * the CA with the specified ID, contained in the same
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-   * Per-CA quota rules apply. If left empty, a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-   * by the service. For example, to issue a
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-   * Certificate Authority with resource name
+   * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+   * certificate.  This optional field will ignore the load-balancing scheme of
+   * the Pool and directly issue the certificate from the CA with the specified
+   * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+   * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+   * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+   * a Certificate Authority with resource name
    * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-   * you can set the
-   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-   * to "my-ca".
+   * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+   * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
    * 

    *
    * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -730,8 +698,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *
    *
    * 
-   * Request message for
-   * [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+   * Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
    * 

    *
    * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateRequest}
@@ -936,10 +903,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+     * in the format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -963,10 +928,8 @@ public java.lang.String getParent() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+     * in the format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -990,10 +953,8 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+     * in the format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -1016,10 +977,8 @@ public Builder setParent(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+     * in the format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -1038,10 +997,8 @@ public Builder clearParent() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+     * in the format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -1069,10 +1026,8 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
      * 
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the Enterprise
-     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-     * optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+     * but is optional and its value is ignored otherwise.
      * 

      *
      * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -1096,10 +1051,8 @@ public java.lang.String getCertificateId() {
      * 
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the Enterprise
-     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-     * optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+     * but is optional and its value is ignored otherwise.
      * 

      *
      * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -1123,10 +1076,8 @@ public com.google.protobuf.ByteString getCertificateIdBytes() {
      * 
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the Enterprise
-     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-     * optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+     * but is optional and its value is ignored otherwise.
      * 

      *
      * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -1149,10 +1100,8 @@ public Builder setCertificateId(java.lang.String value) {
      * 
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the Enterprise
-     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-     * optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+     * but is optional and its value is ignored otherwise.
      * 

      *
      * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -1171,10 +1120,8 @@ public Builder clearCertificateId() {
      * 
      * Optional. It must be unique within a location and match the regular
      * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the Enterprise
-     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-     * optional and its value is ignored otherwise.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+     * but is optional and its value is ignored otherwise.
      * 

      *
      * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -1203,8 +1150,7 @@ public Builder setCertificateIdBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1220,8 +1166,7 @@ public boolean hasCertificate() {
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1243,8 +1188,7 @@ public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1268,8 +1212,7 @@ public Builder setCertificate(com.google.cloud.security.privateca.v1.Certificate
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1291,8 +1234,7 @@ public Builder setCertificate(
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1320,8 +1262,7 @@ public Builder mergeCertificate(com.google.cloud.security.privateca.v1.Certifica
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1343,8 +1284,7 @@ public Builder clearCertificate() {
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1360,8 +1300,7 @@ public com.google.cloud.security.privateca.v1.Certificate.Builder getCertificate
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1381,8 +1320,7 @@ public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificat
      *
      *
      * 
-     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with initial field values.
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
      * 

      *
      * 
@@ -1411,10 +1349,10 @@ public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificat
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1443,10 +1381,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1475,10 +1413,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1506,10 +1444,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1533,10 +1471,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1567,15 +1505,9 @@ public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. If this is true, no
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
-     * be persisted regardless of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
-     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
-     * contain the
-     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
-     * field.
+     * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
+     * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
      * 

      *
      * bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];
@@ -1590,15 +1522,9 @@ public boolean getValidateOnly() {
      *
      *
      * 
-     * Optional. If this is true, no
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
-     * be persisted regardless of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
-     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
-     * contain the
-     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
-     * field.
+     * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
+     * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
      * 

      *
      * bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];
@@ -1616,15 +1542,9 @@ public Builder setValidateOnly(boolean value) {
      *
      *
      * 
-     * Optional. If this is true, no
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
-     * be persisted regardless of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
-     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
-     * contain the
-     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
-     * field.
+     * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
+     * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
      * 

      *
      * bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];
@@ -1643,24 +1563,17 @@ public Builder clearValidateOnly() {
      *
      *
      * 
-     * Optional. The resource ID of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that should issue the certificate.  This optional field will ignore the
-     * load-balancing scheme of the Pool and directly issue the certificate from
-     * the CA with the specified ID, contained in the same
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-     * Per-CA quota rules apply. If left empty, a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-     * by the service. For example, to issue a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-     * Certificate Authority with resource name
+     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+     * certificate.  This optional field will ignore the load-balancing scheme of
+     * the Pool and directly issue the certificate from the CA with the specified
+     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+     * a Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the
-     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-     * to "my-ca".
+     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
      * 

      *
      * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -1683,24 +1596,17 @@ public java.lang.String getIssuingCertificateAuthorityId() {
      *
      *
      * 
-     * Optional. The resource ID of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that should issue the certificate.  This optional field will ignore the
-     * load-balancing scheme of the Pool and directly issue the certificate from
-     * the CA with the specified ID, contained in the same
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-     * Per-CA quota rules apply. If left empty, a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-     * by the service. For example, to issue a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-     * Certificate Authority with resource name
+     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+     * certificate.  This optional field will ignore the load-balancing scheme of
+     * the Pool and directly issue the certificate from the CA with the specified
+     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+     * a Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the
-     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-     * to "my-ca".
+     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
      * 

      *
      * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -1723,24 +1629,17 @@ public com.google.protobuf.ByteString getIssuingCertificateAuthorityIdBytes() {
      *
      *
      * 
-     * Optional. The resource ID of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that should issue the certificate.  This optional field will ignore the
-     * load-balancing scheme of the Pool and directly issue the certificate from
-     * the CA with the specified ID, contained in the same
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-     * Per-CA quota rules apply. If left empty, a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-     * by the service. For example, to issue a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-     * Certificate Authority with resource name
+     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+     * certificate.  This optional field will ignore the load-balancing scheme of
+     * the Pool and directly issue the certificate from the CA with the specified
+     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+     * a Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the
-     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-     * to "my-ca".
+     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
      * 

      *
      * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -1762,24 +1661,17 @@ public Builder setIssuingCertificateAuthorityId(java.lang.String value) {
      *
      *
      * 
-     * Optional. The resource ID of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that should issue the certificate.  This optional field will ignore the
-     * load-balancing scheme of the Pool and directly issue the certificate from
-     * the CA with the specified ID, contained in the same
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-     * Per-CA quota rules apply. If left empty, a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-     * by the service. For example, to issue a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-     * Certificate Authority with resource name
+     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+     * certificate.  This optional field will ignore the load-balancing scheme of
+     * the Pool and directly issue the certificate from the CA with the specified
+     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+     * a Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the
-     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-     * to "my-ca".
+     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
      * 

      *
      * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -1797,24 +1689,17 @@ public Builder clearIssuingCertificateAuthorityId() {
      *
      *
      * 
-     * Optional. The resource ID of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * that should issue the certificate.  This optional field will ignore the
-     * load-balancing scheme of the Pool and directly issue the certificate from
-     * the CA with the specified ID, contained in the same
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-     * Per-CA quota rules apply. If left empty, a
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-     * by the service. For example, to issue a
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-     * Certificate Authority with resource name
+     * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+     * certificate.  This optional field will ignore the load-balancing scheme of
+     * the Pool and directly issue the certificate from the CA with the specified
+     * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+     * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+     * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+     * a Certificate Authority with resource name
      * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-     * you can set the
-     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-     * to "my-ca".
+     * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+     * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
      * 

      *
      * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java
index 759ac96c..27440c2a 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java
@@ -27,10 +27,8 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+   * in the format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -44,10 +42,8 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+   * in the format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -64,10 +60,8 @@ public interface CreateCertificateRequestOrBuilder
    * 
    * Optional. It must be unique within a location and match the regular
    * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the Enterprise
-   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-   * optional and its value is ignored otherwise.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+   * but is optional and its value is ignored otherwise.
    * 

    *
    * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -81,10 +75,8 @@ public interface CreateCertificateRequestOrBuilder
    * 
    * Optional. It must be unique within a location and match the regular
    * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the Enterprise
-   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-   * optional and its value is ignored otherwise.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+   * but is optional and its value is ignored otherwise.
    * 

    *
    * string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -97,8 +89,7 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with initial field values.
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
    * 

    *
    * 
@@ -112,8 +103,7 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with initial field values.
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
    * 

    *
    * 
@@ -127,8 +117,7 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with initial field values.
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
    * 

    *
    * 
@@ -141,10 +130,10 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -163,10 +152,10 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -186,15 +175,9 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. If this is true, no
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
-   * be persisted regardless of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
-   * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
-   * contain the
-   * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
-   * field.
+   * Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
+   * of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
    * 

    *
    * bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];
@@ -207,24 +190,17 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. The resource ID of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * that should issue the certificate.  This optional field will ignore the
-   * load-balancing scheme of the Pool and directly issue the certificate from
-   * the CA with the specified ID, contained in the same
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-   * Per-CA quota rules apply. If left empty, a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-   * by the service. For example, to issue a
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-   * Certificate Authority with resource name
+   * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+   * certificate.  This optional field will ignore the load-balancing scheme of
+   * the Pool and directly issue the certificate from the CA with the specified
+   * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+   * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+   * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+   * a Certificate Authority with resource name
    * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-   * you can set the
-   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-   * to "my-ca".
+   * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+   * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
    * 

    *
    * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
@@ -237,24 +213,17 @@ public interface CreateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. The resource ID of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * that should issue the certificate.  This optional field will ignore the
-   * load-balancing scheme of the Pool and directly issue the certificate from
-   * the CA with the specified ID, contained in the same
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-   * Per-CA quota rules apply. If left empty, a
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-   * by the service. For example, to issue a
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-   * Certificate Authority with resource name
+   * Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+   * certificate.  This optional field will ignore the load-balancing scheme of
+   * the Pool and directly issue the certificate from the CA with the specified
+   * ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+   * rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+   * the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+   * a Certificate Authority with resource name
    * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-   * you can set the
-   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-   * to "my-ca".
+   * you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+   * "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
    * 

    *
    * string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java
index 84bf6f3f..3df030e2 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java
@@ -153,8 +153,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -180,8 +180,8 @@ public java.lang.String getParent() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -260,9 +260,7 @@ public com.google.protobuf.ByteString getCertificateTemplateIdBytes() {
    *
    *
    * 
-   * Required. A
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with initial field values.
+   * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
    * 

    *
    * 
@@ -279,9 +277,7 @@ public boolean hasCertificateTemplate() {
    *
    *
    * 
-   * Required. A
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with initial field values.
+   * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
    * 

    *
    * 
@@ -300,9 +296,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
    *
    *
    * 
-   * Required. A
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with initial field values.
+   * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
    * 

    *
    * 
@@ -321,10 +315,10 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -354,10 +348,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -781,8 +775,8 @@ public Builder mergeFrom(
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -807,8 +801,8 @@ public java.lang.String getParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -833,8 +827,8 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -858,8 +852,8 @@ public Builder setParent(java.lang.String value) {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -879,8 +873,8 @@ public Builder clearParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -1022,9 +1016,7 @@ public Builder setCertificateTemplateIdBytes(com.google.protobuf.ByteString valu
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1040,9 +1032,7 @@ public boolean hasCertificateTemplate() {
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1064,9 +1054,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1091,9 +1079,7 @@ public Builder setCertificateTemplate(
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1115,9 +1101,7 @@ public Builder setCertificateTemplate(
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1147,9 +1131,7 @@ public Builder mergeCertificateTemplate(
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1171,9 +1153,7 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1190,9 +1170,7 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1213,9 +1191,7 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Required. A
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with initial field values.
+     * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
      * 

      *
      * 
@@ -1244,10 +1220,10 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1276,10 +1252,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1308,10 +1284,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1339,10 +1315,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1366,10 +1342,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java
index a4d1a643..e2b08066 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java
@@ -28,8 +28,8 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -44,8 +44,8 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -87,9 +87,7 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. A
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with initial field values.
+   * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
    * 

    *
    * 
@@ -103,9 +101,7 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. A
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with initial field values.
+   * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
    * 

    *
    * 
@@ -119,9 +115,7 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. A
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with initial field values.
+   * Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
    * 

    *
    * 
@@ -135,10 +129,10 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -157,10 +151,10 @@ public interface CreateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java
index d089abb4..f0fcfdfd 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java
@@ -126,9 +126,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -153,9 +152,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -183,10 +181,10 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -216,10 +214,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -587,9 +585,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -613,9 +610,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -639,9 +635,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -664,9 +659,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -685,9 +679,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -713,10 +706,10 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -745,10 +738,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -777,10 +770,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -808,10 +801,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -835,10 +828,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java
index 6157b837..3b956b0d 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface DeleteCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface DeleteCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface DeleteCaPoolRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface DeleteCaPoolRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java
index 1f0ff7c8..30735a5d 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java
@@ -132,9 +132,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -159,9 +158,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -189,10 +187,10 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -222,10 +220,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -639,9 +637,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -665,9 +662,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -691,9 +687,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -716,9 +711,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -737,9 +731,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -765,10 +758,10 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -797,10 +790,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -829,10 +822,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -860,10 +853,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -887,10 +880,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java
index 5fe86cde..d48c4c3c 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface DeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface DeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface DeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface DeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java
index 0c75e4cc..f183b86b 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java
@@ -127,9 +127,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * in the format `projects/*/locations/*/certificateTemplates/*`.
+   * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/*/locations/*/certificateTemplates/*`.
    * 

    *
    * 
@@ -154,9 +153,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * in the format `projects/*/locations/*/certificateTemplates/*`.
+   * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/*/locations/*/certificateTemplates/*`.
    * 

    *
    * 
@@ -184,10 +182,10 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -217,10 +215,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -599,9 +597,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in the format `projects/*/locations/*/certificateTemplates/*`.
+     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/*/locations/*/certificateTemplates/*`.
      * 

      *
      * 
@@ -625,9 +622,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in the format `projects/*/locations/*/certificateTemplates/*`.
+     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/*/locations/*/certificateTemplates/*`.
      * 

      *
      * 
@@ -651,9 +647,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in the format `projects/*/locations/*/certificateTemplates/*`.
+     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/*/locations/*/certificateTemplates/*`.
      * 

      *
      * 
@@ -676,9 +671,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in the format `projects/*/locations/*/certificateTemplates/*`.
+     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/*/locations/*/certificateTemplates/*`.
      * 

      *
      * 
@@ -697,9 +691,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * in the format `projects/*/locations/*/certificateTemplates/*`.
+     * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/*/locations/*/certificateTemplates/*`.
      * 

      *
      * 
@@ -725,10 +718,10 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -757,10 +750,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -789,10 +782,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -820,10 +813,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -847,10 +840,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java
index 1db60286..f61466ab 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface DeleteCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * in the format `projects/*/locations/*/certificateTemplates/*`.
+   * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/*/locations/*/certificateTemplates/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface DeleteCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * in the format `projects/*/locations/*/certificateTemplates/*`.
+   * Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/*/locations/*/certificateTemplates/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface DeleteCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface DeleteCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java
index 46420f80..806c7e46 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java
@@ -128,9 +128,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -155,9 +154,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -185,10 +183,10 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -218,10 +216,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -603,9 +601,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -629,9 +626,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -655,9 +651,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -680,9 +675,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -701,9 +695,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -729,10 +722,10 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -761,10 +754,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -793,10 +786,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -824,10 +817,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -851,10 +844,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java
index c58cfaff..7d918046 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface DisableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface DisableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface DisableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface DisableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java
index 2018a94c..92198bc8 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java
@@ -127,9 +127,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -154,9 +153,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -184,10 +182,10 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -217,10 +215,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -600,9 +598,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -626,9 +623,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -652,9 +648,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -677,9 +672,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -698,9 +692,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -726,10 +719,10 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -758,10 +751,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -790,10 +783,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -821,10 +814,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -848,10 +841,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java
index f818e098..db3255d9 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface EnableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface EnableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface EnableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface EnableCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java
index 12692112..43ae789b 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java
@@ -126,9 +126,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -153,9 +152,8 @@ public java.lang.String getCaPool() {
    *
    *
    * 
-   * Required. The resource name for the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -183,10 +181,10 @@ public com.google.protobuf.ByteString getCaPoolBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -216,10 +214,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -587,9 +585,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -613,9 +610,8 @@ public java.lang.String getCaPool() {
      *
      *
      * 
-     * Required. The resource name for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -639,9 +635,8 @@ public com.google.protobuf.ByteString getCaPoolBytes() {
      *
      *
      * 
-     * Required. The resource name for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -664,9 +659,8 @@ public Builder setCaPool(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -685,9 +679,8 @@ public Builder clearCaPool() {
      *
      *
      * 
-     * Required. The resource name for the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-     * `projects/*/locations/*/caPools/*`.
+     * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -713,10 +706,10 @@ public Builder setCaPoolBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -745,10 +738,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -777,10 +770,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -808,10 +801,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -835,10 +828,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java
index f66fc399..93037db3 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface FetchCaCertsRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface FetchCaCertsRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-   * `projects/*/locations/*/caPools/*`.
+   * Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface FetchCaCertsRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface FetchCaCertsRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java
index 118c2d82..9fa83527 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java
@@ -911,8 +911,7 @@ public com.google.protobuf.Parser getParserForType() {
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -929,8 +928,7 @@ public com.google.protobuf.Parser getParserForType() {
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -948,8 +946,7 @@ public com.google.protobuf.Parser getParserForType() {
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -965,8 +962,7 @@ public int getCaCertsCount() {
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -983,8 +979,7 @@ public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain get
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -1382,8 +1377,7 @@ private void ensureCaCertsIsMutable() {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1404,8 +1398,7 @@ private void ensureCaCertsIsMutable() {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1425,8 +1418,7 @@ public int getCaCertsCount() {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1447,8 +1439,7 @@ public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain get
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1475,8 +1466,7 @@ public Builder setCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1502,8 +1492,7 @@ public Builder setCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1530,8 +1519,7 @@ public Builder addCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1558,8 +1546,7 @@ public Builder addCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1584,8 +1571,7 @@ public Builder addCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1611,8 +1597,7 @@ public Builder addCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1638,8 +1623,7 @@ public Builder addAllCaCerts(
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1662,8 +1646,7 @@ public Builder clearCaCerts() {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1686,8 +1669,7 @@ public Builder removeCaCerts(int index) {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1704,8 +1686,7 @@ public Builder removeCaCerts(int index) {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1726,8 +1707,7 @@ public Builder removeCaCerts(int index) {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1750,8 +1730,7 @@ public Builder removeCaCerts(int index) {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1771,8 +1750,7 @@ public Builder removeCaCerts(int index) {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
@@ -1793,8 +1771,7 @@ public Builder removeCaCerts(int index) {
      *
      * 
      * The PEM encoded CA certificate chains of all
-     * [ACTIVE][CertificateAuthority.State.ACTIVE]
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
      * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
      * 

      *
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java
index 4a08352b..c1157ebc 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java
@@ -28,8 +28,7 @@ public interface FetchCaCertsResponseOrBuilder
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -43,8 +42,7 @@ public interface FetchCaCertsResponseOrBuilder
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -57,8 +55,7 @@ public interface FetchCaCertsResponseOrBuilder
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -71,8 +68,7 @@ public interface FetchCaCertsResponseOrBuilder
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
@@ -87,8 +83,7 @@ public interface FetchCaCertsResponseOrBuilder
    *
    * 
    * The PEM encoded CA certificate chains of all
-   * [ACTIVE][CertificateAuthority.State.ACTIVE]
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
    * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
    * 

    *
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java
index 952c7e1b..5ce45231 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java
@@ -121,9 +121,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -148,9 +147,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -516,9 +514,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -542,9 +539,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -568,9 +564,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -593,9 +588,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -614,9 +608,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java
index feb2578d..8e979132 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface FetchCertificateAuthorityCsrRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface FetchCertificateAuthorityCsrRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java
index 6b76ab67..a8ebca73 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java
@@ -22,8 +22,7 @@
  *
  *
  * 
- * Request message for
- * [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+ * Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
  * 

  *
  * Protobuf type {@code google.cloud.security.privateca.v1.GetCaPoolRequest}
@@ -118,8 +117,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
    * 

    *
    * 
@@ -144,8 +142,7 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
    * 

    *
    * 
@@ -331,8 +328,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *
    *
    * 
-   * Request message for
-   * [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+   * Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
    * 

    *
    * Protobuf type {@code google.cloud.security.privateca.v1.GetCaPoolRequest}
@@ -492,8 +488,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * 

      *
      * 
@@ -517,8 +512,7 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * 

      *
      * 
@@ -542,8 +536,7 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * 

      *
      * 
@@ -566,8 +559,7 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * 

      *
      * 
@@ -586,8 +578,7 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java
index c0fa79d7..bdc066df 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java
@@ -27,8 +27,7 @@ public interface GetCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
    * 

    *
    * 
@@ -42,8 +41,7 @@ public interface GetCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java
index bbadb47d..8d84125f 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java
@@ -22,8 +22,7 @@
  *
  *
  * 
- * Request message for
- * [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+ * Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
  * 

  *
  * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateAuthorityRequest}
@@ -119,10 +118,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+   * get.
    * 

    *
    * 
@@ -147,10 +144,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+   * get.
    * 

    *
    * 
@@ -337,8 +332,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *
    *
    * 
-   * Request message for
-   * [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+   * Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
    * 

    *
    * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateAuthorityRequest}
@@ -505,10 +499,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * get.
      * 

      *
      * 
@@ -532,10 +524,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * get.
      * 

      *
      * 
@@ -559,10 +549,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * get.
      * 

      *
      * 
@@ -585,10 +573,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * get.
      * 

      *
      * 
@@ -607,10 +593,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * get.
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java
index f3c91dec..236eb1e1 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java
@@ -27,10 +27,8 @@ public interface GetCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+   * get.
    * 

    *
    * 
@@ -44,10 +42,8 @@ public interface GetCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+   * get.
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java
index f0f52e05..a9aa4f0f 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java
@@ -118,9 +118,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-   * get.
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
    * 

    *
    * 
@@ -145,9 +143,7 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-   * get.
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
    * 

    *
    * 
@@ -496,9 +492,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-     * get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
      * 

      *
      * 
@@ -522,9 +516,7 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-     * get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
      * 

      *
      * 
@@ -548,9 +540,7 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-     * get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
      * 

      *
      * 
@@ -573,9 +563,7 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-     * get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
      * 

      *
      * 
@@ -594,9 +582,7 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-     * get.
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java
index 60e00320..57d34b00 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java
@@ -27,9 +27,7 @@ public interface GetCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-   * get.
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
    * 

    *
    * 
@@ -43,9 +41,7 @@ public interface GetCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-   * get.
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java
index ce53bf33..c927f12d 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java
@@ -121,11 +121,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-   * of the
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
    * 

    *
    * 
@@ -150,11 +147,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-   * of the
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
    * 

    *
    * 
@@ -520,11 +514,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-     * of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
      * 

      *
      * 
@@ -548,11 +539,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-     * of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
      * 

      *
      * 
@@ -576,11 +564,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-     * of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
      * 

      *
      * 
@@ -603,11 +588,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-     * of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
      * 

      *
      * 
@@ -626,11 +608,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-     * of the
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java
index e900a451..09cd9cc3 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java
@@ -27,11 +27,8 @@ public interface GetCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-   * of the
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
    * 

    *
    * 
@@ -45,11 +42,8 @@ public interface GetCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-   * of the
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java
index 4288c1d5..6135af88 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java
@@ -118,10 +118,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+   * get.
    * 

    *
    * 
@@ -146,10 +144,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+   * get.
    * 

    *
    * 
@@ -504,10 +500,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+     * get.
      * 

      *
      * 
@@ -531,10 +525,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+     * get.
      * 

      *
      * 
@@ -558,10 +550,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+     * get.
      * 

      *
      * 
@@ -584,10 +574,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+     * get.
      * 

      *
      * 
@@ -606,10 +594,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The
-     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to get.
+     * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+     * get.
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java
index c3d7f178..cfebc0ed 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java
@@ -27,10 +27,8 @@ public interface GetCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+   * get.
    * 

    *
    * 
@@ -44,10 +42,8 @@ public interface GetCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * to get.
+   * Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+   * get.
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java
index bbc600c4..b8be2119 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java
@@ -204,13 +204,12 @@ public com.google.protobuf.ByteString getParentBytes() {
    *
    *
    * 
-   * Optional. Limit on the number of
-   * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
-   * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
-   * subsequently be obtained by including the
-   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
+   * include in the response.
+   * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
+   * obtained by including the
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -885,13 +884,12 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. Limit on the number of
-     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
-     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
-     * subsequently be obtained by including the
-     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
+     * include in the response.
+     * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
+     * obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -906,13 +904,12 @@ public int getPageSize() {
      *
      *
      * 
-     * Optional. Limit on the number of
-     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
-     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
-     * subsequently be obtained by including the
-     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
+     * include in the response.
+     * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
+     * obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -930,13 +927,12 @@ public Builder setPageSize(int value) {
      *
      *
      * 
-     * Optional. Limit on the number of
-     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
-     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
-     * subsequently be obtained by including the
-     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
+     * include in the response.
+     * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
+     * obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java
index f773b3e4..4af67afb 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java
@@ -60,13 +60,12 @@ public interface ListCaPoolsRequestOrBuilder
    *
    *
    * 
-   * Optional. Limit on the number of
-   * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
-   * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
-   * subsequently be obtained by including the
-   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
+   * include in the response.
+   * Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
+   * obtained by including the
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java
index 361229a2..16ebcd11 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java
@@ -148,10 +148,9 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -176,10 +175,9 @@ public java.lang.String getParent() {
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -207,14 +205,12 @@ public com.google.protobuf.ByteString getParentBytes() {
    *
    *
    * 
-   * Optional. Limit on the number of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-   * to include in the response. Further
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-   * can subsequently be obtained by including the
-   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
+   * include in the response.
+   * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
+   * obtained by including the
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -775,10 +771,9 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -802,10 +797,9 @@ public java.lang.String getParent() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -829,10 +823,9 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -855,10 +848,9 @@ public Builder setParent(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -877,10 +869,9 @@ public Builder clearParent() {
      *
      *
      * 
-     * Required. The resource name of the
-     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-     * in the format `projects/*/locations/*/caPools/*`.
+     * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -906,14 +897,12 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. Limit on the number of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to include in the response. Further
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-     * can subsequently be obtained by including the
-     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * include in the response.
+     * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
+     * obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -928,14 +917,12 @@ public int getPageSize() {
      *
      *
      * 
-     * Optional. Limit on the number of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to include in the response. Further
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-     * can subsequently be obtained by including the
-     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * include in the response.
+     * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
+     * obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -953,14 +940,12 @@ public Builder setPageSize(int value) {
      *
      *
      * 
-     * Optional. Limit on the number of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-     * to include in the response. Further
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-     * can subsequently be obtained by including the
-     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
+     * include in the response.
+     * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
+     * obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java
index 7e456af3..caca9737 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java
@@ -27,10 +27,9 @@ public interface ListCertificateAuthoritiesRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -44,10 +43,9 @@ public interface ListCertificateAuthoritiesRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name of the
-   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-   * in the format `projects/*/locations/*/caPools/*`.
+   * Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -62,14 +60,12 @@ public interface ListCertificateAuthoritiesRequestOrBuilder
    *
    *
    * 
-   * Optional. Limit on the number of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-   * to include in the response. Further
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-   * can subsequently be obtained by including the
-   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
+   * include in the response.
+   * Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
+   * obtained by including the
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java
index 7c91ef21..dca26ae0 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java
@@ -154,8 +154,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -171,8 +170,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -189,8 +187,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -205,8 +202,7 @@ public int getCertificateAuthoritiesCount() {
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -222,8 +218,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -800,8 +795,7 @@ private void ensureCertificateAuthoritiesIsMutable() {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -820,8 +814,7 @@ private void ensureCertificateAuthoritiesIsMutable() {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -839,8 +832,7 @@ public int getCertificateAuthoritiesCount() {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -859,8 +851,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -885,8 +876,7 @@ public Builder setCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -909,8 +899,7 @@ public Builder setCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -935,8 +924,7 @@ public Builder addCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -961,8 +949,7 @@ public Builder addCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -984,8 +971,7 @@ public Builder addCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1008,8 +994,7 @@ public Builder addCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1032,8 +1017,7 @@ public Builder addAllCertificateAuthorities(
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1054,8 +1038,7 @@ public Builder clearCertificateAuthorities() {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1076,8 +1059,7 @@ public Builder removeCertificateAuthorities(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1092,8 +1074,7 @@ public Builder removeCertificateAuthorities(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1112,8 +1093,7 @@ public Builder removeCertificateAuthorities(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1133,8 +1113,7 @@ public Builder removeCertificateAuthorities(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1151,8 +1130,7 @@ public Builder removeCertificateAuthorities(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
@@ -1170,8 +1148,7 @@ public Builder removeCertificateAuthorities(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java
index 95f52c9c..7250603c 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java
@@ -27,8 +27,7 @@ public interface ListCertificateAuthoritiesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -41,8 +40,7 @@ public interface ListCertificateAuthoritiesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -54,8 +52,7 @@ public interface ListCertificateAuthoritiesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -67,8 +64,7 @@ public interface ListCertificateAuthoritiesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
@@ -81,8 +77,7 @@ public interface ListCertificateAuthoritiesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java
index 50ea72ce..4ebe5fd9 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java
@@ -151,8 +151,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+   * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -178,8 +178,8 @@ public java.lang.String getParent() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+   * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -208,13 +208,11 @@ public com.google.protobuf.ByteString getParentBytes() {
    *
    * 
    * Optional. Limit on the number of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * to include in the response. Further
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
+   * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
    * can subsequently be obtained by including the
-   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -783,8 +781,8 @@ public Builder mergeFrom(
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+     * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -809,8 +807,8 @@ public java.lang.String getParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+     * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -835,8 +833,8 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+     * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -860,8 +858,8 @@ public Builder setParent(java.lang.String value) {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+     * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -881,8 +879,8 @@ public Builder clearParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+     * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -909,13 +907,11 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
      *
      * 
      * Optional. Limit on the number of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to include in the response. Further
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
+     * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      * can subsequently be obtained by including the
-     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -931,13 +927,11 @@ public int getPageSize() {
      *
      * 
      * Optional. Limit on the number of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to include in the response. Further
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
+     * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      * can subsequently be obtained by including the
-     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -956,13 +950,11 @@ public Builder setPageSize(int value) {
      *
      * 
      * Optional. Limit on the number of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * to include in the response. Further
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
+     * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
      * can subsequently be obtained by including the
-     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java
index 826ab4e3..a841291f 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java
@@ -28,8 +28,8 @@ public interface ListCertificateRevocationListsRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+   * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -44,8 +44,8 @@ public interface ListCertificateRevocationListsRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+   * `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -61,13 +61,11 @@ public interface ListCertificateRevocationListsRequestOrBuilder
    *
    * 
    * Optional. Limit on the number of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * to include in the response. Further
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
+   * response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
    * can subsequently be obtained by including the
-   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java
index 8db54fe8..918cb738 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java
@@ -156,8 +156,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -173,8 +172,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -191,8 +189,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -207,8 +204,7 @@ public int getCertificateRevocationListsCount() {
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -224,8 +220,7 @@ public int getCertificateRevocationListsCount() {
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -810,8 +805,7 @@ private void ensureCertificateRevocationListsIsMutable() {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -830,8 +824,7 @@ private void ensureCertificateRevocationListsIsMutable() {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -849,8 +842,7 @@ public int getCertificateRevocationListsCount() {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -869,8 +861,7 @@ public int getCertificateRevocationListsCount() {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -895,8 +886,7 @@ public Builder setCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -919,8 +909,7 @@ public Builder setCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -945,8 +934,7 @@ public Builder addCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -971,8 +959,7 @@ public Builder addCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -994,8 +981,7 @@ public Builder addCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1018,8 +1004,7 @@ public Builder addCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1043,8 +1028,7 @@ public Builder addAllCertificateRevocationLists(
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1065,8 +1049,7 @@ public Builder clearCertificateRevocationLists() {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1087,8 +1070,7 @@ public Builder removeCertificateRevocationLists(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1103,8 +1085,7 @@ public Builder removeCertificateRevocationLists(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1123,8 +1104,7 @@ public Builder removeCertificateRevocationLists(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1144,8 +1124,7 @@ public Builder removeCertificateRevocationLists(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1163,8 +1142,7 @@ public Builder removeCertificateRevocationLists(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
@@ -1183,8 +1161,7 @@ public Builder removeCertificateRevocationLists(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java
index 1586ac1c..659f61a7 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java
@@ -27,8 +27,7 @@ public interface ListCertificateRevocationListsResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -41,8 +40,7 @@ public interface ListCertificateRevocationListsResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -55,8 +53,7 @@ com.google.cloud.security.privateca.v1.CertificateRevocationList getCertificateR
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -68,8 +65,7 @@ com.google.cloud.security.privateca.v1.CertificateRevocationList getCertificateR
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
@@ -83,8 +79,7 @@ com.google.cloud.security.privateca.v1.CertificateRevocationList getCertificateR
    *
    *
    * 
-   * The list of
-   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java
index b0eecb9d..d1ffd203 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java
@@ -149,8 +149,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -176,8 +176,8 @@ public java.lang.String getParent() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -206,13 +206,11 @@ public com.google.protobuf.ByteString getParentBytes() {
    *
    * 
    * Optional. Limit on the number of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-   * to include in the response. Further
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-   * can subsequently be obtained by including the
-   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
+   * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
+   * obtained by including the
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -771,8 +769,8 @@ public Builder mergeFrom(
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -797,8 +795,8 @@ public java.lang.String getParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -823,8 +821,8 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -848,8 +846,8 @@ public Builder setParent(java.lang.String value) {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -869,8 +867,8 @@ public Builder clearParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-     * in the format `projects/*/locations/*`.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+     * `projects/*/locations/*`.
      * 

      *
      * 
@@ -897,13 +895,11 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
      *
      * 
      * Optional. Limit on the number of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to include in the response. Further
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-     * can subsequently be obtained by including the
-     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
+     * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
+     * obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -919,13 +915,11 @@ public int getPageSize() {
      *
      * 
      * Optional. Limit on the number of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to include in the response. Further
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-     * can subsequently be obtained by including the
-     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
+     * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
+     * obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -944,13 +938,11 @@ public Builder setPageSize(int value) {
      *
      * 
      * Optional. Limit on the number of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-     * to include in the response. Further
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-     * can subsequently be obtained by including the
-     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
+     * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
+     * obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java
index 811d893a..f05faf3c 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java
@@ -28,8 +28,8 @@ public interface ListCertificateTemplatesRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -44,8 +44,8 @@ public interface ListCertificateTemplatesRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-   * in the format `projects/*/locations/*`.
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+   * `projects/*/locations/*`.
    * 

    *
    * 
@@ -61,13 +61,11 @@ public interface ListCertificateTemplatesRequestOrBuilder
    *
    * 
    * Optional. Limit on the number of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-   * to include in the response. Further
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-   * can subsequently be obtained by including the
-   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
+   * Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
+   * obtained by including the
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java
index 15beb449..9e668dce 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java
@@ -153,8 +153,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -170,8 +169,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -188,8 +186,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -204,8 +201,7 @@ public int getCertificateTemplatesCount() {
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -221,8 +217,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -794,8 +789,7 @@ private void ensureCertificateTemplatesIsMutable() {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -814,8 +808,7 @@ private void ensureCertificateTemplatesIsMutable() {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -833,8 +826,7 @@ public int getCertificateTemplatesCount() {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -853,8 +845,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -879,8 +870,7 @@ public Builder setCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -903,8 +893,7 @@ public Builder setCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -929,8 +918,7 @@ public Builder addCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -955,8 +943,7 @@ public Builder addCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -978,8 +965,7 @@ public Builder addCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1002,8 +988,7 @@ public Builder addCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1026,8 +1011,7 @@ public Builder addAllCertificateTemplates(
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1048,8 +1032,7 @@ public Builder clearCertificateTemplates() {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1070,8 +1053,7 @@ public Builder removeCertificateTemplates(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1086,8 +1068,7 @@ public Builder removeCertificateTemplates(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1106,8 +1087,7 @@ public Builder removeCertificateTemplates(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1127,8 +1107,7 @@ public Builder removeCertificateTemplates(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1145,8 +1124,7 @@ public Builder removeCertificateTemplates(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
@@ -1164,8 +1142,7 @@ public Builder removeCertificateTemplates(int index) {
      *
      *
      * 
-     * The list of
-     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
      * 

      *
      * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java
index 94f3b057..638295ca 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java
@@ -27,8 +27,7 @@ public interface ListCertificateTemplatesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -41,8 +40,7 @@ public interface ListCertificateTemplatesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -54,8 +52,7 @@ public interface ListCertificateTemplatesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -67,8 +64,7 @@ public interface ListCertificateTemplatesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
@@ -81,8 +77,7 @@ public interface ListCertificateTemplatesResponseOrBuilder
    *
    *
    * 
-   * The list of
-   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
    * 

    *
    * 
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java
index c67f0410..ab59ec78 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java
@@ -22,8 +22,7 @@
  *
  *
  * 
- * Request message for
- * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+ * Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
  * 

  *
  * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesRequest}
@@ -148,8 +147,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -175,8 +174,8 @@ public java.lang.String getParent() {
    *
    * 
    * Required. The resource name of the location associated with the
-   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -205,13 +204,11 @@ public com.google.protobuf.ByteString getParentBytes() {
    *
    * 
    * Optional. Limit on the number of
-   * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
-   * in the response. Further
-   * [Certificates][google.cloud.security.privateca.v1.Certificate] can
-   * subsequently be obtained by including the
-   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
+   * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
+   * by including the
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -280,8 +277,8 @@ public com.google.protobuf.ByteString getPageTokenBytes() {
    *
    *
    * 
-   * Optional. Only include resources that match the filter in the response. For
-   * details on supported filters and syntax, see [Certificates Filtering
+   * Optional. Only include resources that match the filter in the response. For details
+   * on supported filters and syntax, see [Certificates Filtering
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    * 

    *
@@ -305,8 +302,8 @@ public java.lang.String getFilter() {
    *
    *
    * 
-   * Optional. Only include resources that match the filter in the response. For
-   * details on supported filters and syntax, see [Certificates Filtering
+   * Optional. Only include resources that match the filter in the response. For details
+   * on supported filters and syntax, see [Certificates Filtering
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    * 

    *
@@ -333,8 +330,8 @@ public com.google.protobuf.ByteString getFilterBytes() {
    *
    *
    * 
-   * Optional. Specify how the results should be sorted. For details on
-   * supported fields and syntax, see [Certificates Sorting
+   * Optional. Specify how the results should be sorted. For details on supported fields
+   * and syntax, see [Certificates Sorting
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    * 

    *
@@ -358,8 +355,8 @@ public java.lang.String getOrderBy() {
    *
    *
    * 
-   * Optional. Specify how the results should be sorted. For details on
-   * supported fields and syntax, see [Certificates Sorting
+   * Optional. Specify how the results should be sorted. For details on supported fields
+   * and syntax, see [Certificates Sorting
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    * 

    *
@@ -580,8 +577,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *
    *
    * 
-   * Request message for
-   * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+   * Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
    * 

    *
    * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesRequest}
@@ -772,8 +768,8 @@ public Builder mergeFrom(
      *
      * 
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -798,8 +794,8 @@ public java.lang.String getParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -824,8 +820,8 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -849,8 +845,8 @@ public Builder setParent(java.lang.String value) {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -870,8 +866,8 @@ public Builder clearParent() {
      *
      * 
      * Required. The resource name of the location associated with the
-     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-     * format `projects/*/locations/*/caPools/*`.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+     * `projects/*/locations/*/caPools/*`.
      * 

      *
      * 
@@ -898,13 +894,11 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
      *
      * 
      * Optional. Limit on the number of
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
-     * in the response. Further
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
-     * subsequently be obtained by including the
-     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
+     * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
+     * by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -920,13 +914,11 @@ public int getPageSize() {
      *
      * 
      * Optional. Limit on the number of
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
-     * in the response. Further
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
-     * subsequently be obtained by including the
-     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
+     * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
+     * by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -945,13 +937,11 @@ public Builder setPageSize(int value) {
      *
      * 
      * Optional. Limit on the number of
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
-     * in the response. Further
-     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
-     * subsequently be obtained by including the
-     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
-     * in a subsequent request. If unspecified, the server will pick an
-     * appropriate default.
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
+     * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
+     * by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
+     * request. If unspecified, the server will pick an appropriate default.
      * 

      *
      * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -1081,8 +1071,8 @@ public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. Only include resources that match the filter in the response. For
-     * details on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For details
+     * on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      * 

      *
@@ -1105,8 +1095,8 @@ public java.lang.String getFilter() {
      *
      *
      * 
-     * Optional. Only include resources that match the filter in the response. For
-     * details on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For details
+     * on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      * 

      *
@@ -1129,8 +1119,8 @@ public com.google.protobuf.ByteString getFilterBytes() {
      *
      *
      * 
-     * Optional. Only include resources that match the filter in the response. For
-     * details on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For details
+     * on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      * 

      *
@@ -1152,8 +1142,8 @@ public Builder setFilter(java.lang.String value) {
      *
      *
      * 
-     * Optional. Only include resources that match the filter in the response. For
-     * details on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For details
+     * on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      * 

      *
@@ -1171,8 +1161,8 @@ public Builder clearFilter() {
      *
      *
      * 
-     * Optional. Only include resources that match the filter in the response. For
-     * details on supported filters and syntax, see [Certificates Filtering
+     * Optional. Only include resources that match the filter in the response. For details
+     * on supported filters and syntax, see [Certificates Filtering
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
      * 

      *
@@ -1197,8 +1187,8 @@ public Builder setFilterBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. Specify how the results should be sorted. For details on
-     * supported fields and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on supported fields
+     * and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      * 

      *
@@ -1221,8 +1211,8 @@ public java.lang.String getOrderBy() {
      *
      *
      * 
-     * Optional. Specify how the results should be sorted. For details on
-     * supported fields and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on supported fields
+     * and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      * 

      *
@@ -1245,8 +1235,8 @@ public com.google.protobuf.ByteString getOrderByBytes() {
      *
      *
      * 
-     * Optional. Specify how the results should be sorted. For details on
-     * supported fields and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on supported fields
+     * and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      * 

      *
@@ -1268,8 +1258,8 @@ public Builder setOrderBy(java.lang.String value) {
      *
      *
      * 
-     * Optional. Specify how the results should be sorted. For details on
-     * supported fields and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on supported fields
+     * and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      * 

      *
@@ -1287,8 +1277,8 @@ public Builder clearOrderBy() {
      *
      *
      * 
-     * Optional. Specify how the results should be sorted. For details on
-     * supported fields and syntax, see [Certificates Sorting
+     * Optional. Specify how the results should be sorted. For details on supported fields
+     * and syntax, see [Certificates Sorting
      * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
      * 

      *
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java
index 2ffe474c..08628f74 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java
@@ -28,8 +28,8 @@ public interface ListCertificatesRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -44,8 +44,8 @@ public interface ListCertificatesRequestOrBuilder
    *
    * 
    * Required. The resource name of the location associated with the
-   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-   * format `projects/*/locations/*/caPools/*`.
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+   * `projects/*/locations/*/caPools/*`.
    * 

    *
    * 
@@ -61,13 +61,11 @@ public interface ListCertificatesRequestOrBuilder
    *
    * 
    * Optional. Limit on the number of
-   * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
-   * in the response. Further
-   * [Certificates][google.cloud.security.privateca.v1.Certificate] can
-   * subsequently be obtained by including the
-   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
-   * in a subsequent request. If unspecified, the server will pick an
-   * appropriate default.
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
+   * response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
+   * by including the
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
+   * request. If unspecified, the server will pick an appropriate default.
    * 

    *
    * int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];
@@ -107,8 +105,8 @@ public interface ListCertificatesRequestOrBuilder
    *
    *
    * 
-   * Optional. Only include resources that match the filter in the response. For
-   * details on supported filters and syntax, see [Certificates Filtering
+   * Optional. Only include resources that match the filter in the response. For details
+   * on supported filters and syntax, see [Certificates Filtering
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    * 

    *
@@ -121,8 +119,8 @@ public interface ListCertificatesRequestOrBuilder
    *
    *
    * 
-   * Optional. Only include resources that match the filter in the response. For
-   * details on supported filters and syntax, see [Certificates Filtering
+   * Optional. Only include resources that match the filter in the response. For details
+   * on supported filters and syntax, see [Certificates Filtering
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
    * 

    *
@@ -136,8 +134,8 @@ public interface ListCertificatesRequestOrBuilder
    *
    *
    * 
-   * Optional. Specify how the results should be sorted. For details on
-   * supported fields and syntax, see [Certificates Sorting
+   * Optional. Specify how the results should be sorted. For details on supported fields
+   * and syntax, see [Certificates Sorting
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    * 

    *
@@ -150,8 +148,8 @@ public interface ListCertificatesRequestOrBuilder
    *
    *
    * 
-   * Optional. Specify how the results should be sorted. For details on
-   * supported fields and syntax, see [Certificates Sorting
+   * Optional. Specify how the results should be sorted. For details on supported fields
+   * and syntax, see [Certificates Sorting
    * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
    * 

    *
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java
index 44bbb311..41860045 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java
@@ -22,8 +22,7 @@
  *
  *
  * 
- * Response message for
- * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+ * Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
  * 

  *
  * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesResponse}
@@ -519,8 +518,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *
    *
    * 
-   * Response message for
-   * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+   * Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
    * 

    *
    * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesResponse}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java
index 5488788b..7e85048f 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java
@@ -423,9 +423,8 @@ public com.google.protobuf.ByteString getStatusMessageBytes() {
    * 
    * Output only. Identifies whether the user has requested cancellation
    * of the operation. Operations that have successfully been cancelled
-   * have [Operation.error][] value with a
-   * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
-   * `Code.CANCELLED`.
+   * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+   * corresponding to `Code.CANCELLED`.
    * 

    *
    * bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -1638,9 +1637,8 @@ public Builder setStatusMessageBytes(com.google.protobuf.ByteString value) {
      * 
      * Output only. Identifies whether the user has requested cancellation
      * of the operation. Operations that have successfully been cancelled
-     * have [Operation.error][] value with a
-     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
-     * `Code.CANCELLED`.
+     * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+     * corresponding to `Code.CANCELLED`.
      * 

      *
      * bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -1657,9 +1655,8 @@ public boolean getRequestedCancellation() {
      * 
      * Output only. Identifies whether the user has requested cancellation
      * of the operation. Operations that have successfully been cancelled
-     * have [Operation.error][] value with a
-     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
-     * `Code.CANCELLED`.
+     * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+     * corresponding to `Code.CANCELLED`.
      * 

      *
      * bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -1679,9 +1676,8 @@ public Builder setRequestedCancellation(boolean value) {
      * 
      * Output only. Identifies whether the user has requested cancellation
      * of the operation. Operations that have successfully been cancelled
-     * have [Operation.error][] value with a
-     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
-     * `Code.CANCELLED`.
+     * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+     * corresponding to `Code.CANCELLED`.
      * 

      *
      * bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java
index 4b1c70e4..ea977b3c 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java
@@ -180,9 +180,8 @@ public interface OperationMetadataOrBuilder
    * 
    * Output only. Identifies whether the user has requested cancellation
    * of the operation. Operations that have successfully been cancelled
-   * have [Operation.error][] value with a
-   * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
-   * `Code.CANCELLED`.
+   * have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+   * corresponding to `Code.CANCELLED`.
    * 

    *
    * bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java
index 7d6244b2..b9afba38 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java
@@ -63,6 +63,10 @@ public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry r
       internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor;
   static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
       internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_fieldAccessorTable;
   static final com.google.protobuf.Descriptors.Descriptor
       internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor;
   static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
@@ -249,7 +253,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "ca.googleapis.com/CertificateAuthority\022h"
           + "projects/{project}/locations/{location}/"
           + "caPools/{ca_pool}/certificateAuthorities"
-          + "/{certificate_authority}\"\302\r\n\006CaPool\022\021\n\004n"
+          + "/{certificate_authority}\"\360\016\n\006CaPool\022\021\n\004n"
           + "ame\030\001 \001(\tB\003\340A\003\022E\n\004tier\030\002 \001(\0162/.google.cl"
           + "oud.security.privateca.v1.CaPool.TierB\006\340"
           + "A\002\340A\005\022W\n\017issuance_policy\030\003 \001(\01329.google."
@@ -260,7 +264,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "\005 \003(\01326.google.cloud.security.privateca."
           + "v1.CaPool.LabelsEntryB\003\340A\001\032K\n\021Publishing"
           + "Options\022\034\n\017publish_ca_cert\030\001 \001(\010B\003\340A\002\022\030\n"
-          + "\013publish_crl\030\002 \001(\010B\003\340A\002\032\301\010\n\016IssuancePoli"
+          + "\013publish_crl\030\002 \001(\010B\003\340A\002\032\357\t\n\016IssuancePoli"
           + "cy\022h\n\021allowed_key_types\030\001 \003(\0132H.google.c"
           + "loud.security.privateca.v1.CaPool.Issuan"
           + "cePolicy.AllowedKeyTypeB\003\340A\001\0228\n\020maximum_"
@@ -275,226 +279,230 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "ntityConstraintsB\003\340A\001\022h\n\026passthrough_ext"
           + "ensions\030\006 \001(\0132C.google.cloud.security.pr"
           + "ivateca.v1.CertificateExtensionConstrain"
-          + "tsB\003\340A\001\032\227\003\n\016AllowedKeyType\022b\n\003rsa\030\001 \001(\0132"
+          + "tsB\003\340A\001\032\305\004\n\016AllowedKeyType\022b\n\003rsa\030\001 \001(\0132"
           + "S.google.cloud.security.privateca.v1.CaP"
           + "ool.IssuancePolicy.AllowedKeyType.RsaKey"
-          + "TypeH\000\022m\n\016elliptic_curve\030\002 \001(\0162S.google."
+          + "TypeH\000\022l\n\016elliptic_curve\030\002 \001(\0132R.google."
           + "cloud.security.privateca.v1.CaPool.Issua"
-          + "ncePolicy.AllowedKeyType.NamedCurveH\000\032J\n"
-          + "\nRsaKeyType\022\035\n\020min_modulus_size\030\001 \001(\003B\003\340"
-          + "A\001\022\035\n\020max_modulus_size\030\002 \001(\003B\003\340A\001\"Z\n\nNam"
-          + "edCurve\022\033\n\027NAMED_CURVE_UNSPECIFIED\020\000\022\016\n\n"
-          + "ECDSA_P256\020\002\022\016\n\nECDSA_P384\020\003\022\017\n\013EDDSA_25"
-          + "519\020\004B\n\n\010key_type\032`\n\rIssuanceModes\022%\n\030al"
-          + "low_csr_based_issuance\030\001 \001(\010B\003\340A\002\022(\n\033all"
-          + "ow_config_based_issuance\030\002 \001(\010B\003\340A\002\032-\n\013L"
-          + "abelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\002"
-          + "8\001\"8\n\004Tier\022\024\n\020TIER_UNSPECIFIED\020\000\022\016\n\nENTE"
-          + "RPRISE\020\001\022\n\n\006DEVOPS\020\002:_\352A\\\n\037privateca.goo"
-          + "gleapis.com/CaPool\0229projects/{project}/l"
-          + "ocations/{location}/caPools/{ca_pool}\"\274\010"
-          + "\n\031CertificateRevocationList\022\021\n\004name\030\001 \001("
-          + "\tB\003\340A\003\022\034\n\017sequence_number\030\002 \001(\003B\003\340A\003\022s\n\024"
-          + "revoked_certificates\030\003 \003(\0132P.google.clou"
-          + "d.security.privateca.v1.CertificateRevoc"
-          + "ationList.RevokedCertificateB\003\340A\003\022\024\n\007pem"
-          + "_crl\030\004 \001(\tB\003\340A\003\022\027\n\naccess_url\030\005 \001(\tB\003\340A\003"
-          + "\022W\n\005state\030\006 \001(\0162C.google.cloud.security."
-          + "privateca.v1.CertificateRevocationList.S"
-          + "tateB\003\340A\003\0224\n\013create_time\030\007 \001(\0132\032.google."
-          + "protobuf.TimestampB\003\340A\003\0224\n\013update_time\030\010"
-          + " \001(\0132\032.google.protobuf.TimestampB\003\340A\003\022\030\n"
-          + "\013revision_id\030\t \001(\tB\003\340A\003\022^\n\006labels\030\n \003(\0132"
-          + "I.google.cloud.security.privateca.v1.Cer"
-          + "tificateRevocationList.LabelsEntryB\003\340A\001\032"
-          + "\300\001\n\022RevokedCertificate\022>\n\013certificate\030\001 "
-          + "\001(\tB)\372A&\n$privateca.googleapis.com/Certi"
-          + "ficate\022\031\n\021hex_serial_number\030\002 \001(\t\022O\n\021rev"
-          + "ocation_reason\030\003 \001(\01624.google.cloud.secu"
-          + "rity.privateca.v1.RevocationReason\032-\n\013La"
-          + "belsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028"
-          + "\001\":\n\005State\022\025\n\021STATE_UNSPECIFIED\020\000\022\n\n\006ACT"
-          + "IVE\020\001\022\016\n\nSUPERSEDED\020\002:\334\001\352A\330\001\n2privateca."
-          + "googleapis.com/CertificateRevocationList"
-          + "\022\241\001projects/{project}/locations/{locatio"
-          + "n}/caPools/{ca_pool}/certificateAuthorit"
-          + "ies/{certificate_authority}/certificateR"
-          + "evocationLists/{certificate_revocation_l"
-          + "ist}\"\217\n\n\013Certificate\022:\n\004name\030\001 \001(\tB,\340A\003\372"
-          + "A&\n$privateca.googleapis.com/Certificate"
-          + "\022\026\n\007pem_csr\030\002 \001(\tB\003\340A\005H\000\022L\n\006config\030\003 \001(\013"
-          + "25.google.cloud.security.privateca.v1.Ce"
-          + "rtificateConfigB\003\340A\005H\000\022[\n\034issuer_certifi"
-          + "cate_authority\030\004 \001(\tB5\340A\003\372A/\n-privateca."
-          + "googleapis.com/CertificateAuthority\0223\n\010l"
-          + "ifetime\030\005 \001(\0132\031.google.protobuf.Duration"
-          + "B\006\340A\002\340A\005\022R\n\024certificate_template\030\006 \001(\tB4"
-          + "\340A\005\372A.\n,privateca.googleapis.com/Certifi"
-          + "cateTemplate\022Q\n\014subject_mode\030\007 \001(\01626.goo"
-          + "gle.cloud.security.privateca.v1.SubjectR"
-          + "equestModeB\003\340A\005\022b\n\022revocation_details\030\010 "
-          + "\001(\0132A.google.cloud.security.privateca.v1"
-          + ".Certificate.RevocationDetailsB\003\340A\003\022\034\n\017p"
-          + "em_certificate\030\t \001(\tB\003\340A\003\022`\n\027certificate"
-          + "_description\030\n \001(\0132:.google.cloud.securi"
-          + "ty.privateca.v1.CertificateDescriptionB\003"
-          + "\340A\003\022\"\n\025pem_certificate_chain\030\013 \003(\tB\003\340A\003\022"
-          + "4\n\013create_time\030\014 \001(\0132\032.google.protobuf.T"
-          + "imestampB\003\340A\003\0224\n\013update_time\030\r \001(\0132\032.goo"
-          + "gle.protobuf.TimestampB\003\340A\003\022P\n\006labels\030\016 "
-          + "\003(\0132;.google.cloud.security.privateca.v1"
-          + ".Certificate.LabelsEntryB\003\340A\001\032\230\001\n\021Revoca"
-          + "tionDetails\022N\n\020revocation_state\030\001 \001(\01624."
-          + "google.cloud.security.privateca.v1.Revoc"
-          + "ationReason\0223\n\017revocation_time\030\002 \001(\0132\032.g"
-          + "oogle.protobuf.Timestamp\032-\n\013LabelsEntry\022"
-          + "\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001:\177\352A|\n$pr"
-          + "ivateca.googleapis.com/Certificate\022Tproj"
-          + "ects/{project}/locations/{location}/caPo"
-          + "ols/{ca_pool}/certificates/{certificate}"
-          + "B\024\n\022certificate_config\"\227\006\n\023CertificateTe"
-          + "mplate\022B\n\004name\030\001 \001(\tB4\340A\003\372A.\n,privateca."
-          + "googleapis.com/CertificateTemplate\022R\n\021pr"
-          + "edefined_values\030\002 \001(\01322.google.cloud.sec"
-          + "urity.privateca.v1.X509ParametersB\003\340A\001\022e"
-          + "\n\024identity_constraints\030\003 \001(\0132B.google.cl"
-          + "oud.security.privateca.v1.CertificateIde"
-          + "ntityConstraintsB\003\340A\001\022h\n\026passthrough_ext"
-          + "ensions\030\004 \001(\0132C.google.cloud.security.pr"
-          + "ivateca.v1.CertificateExtensionConstrain"
-          + "tsB\003\340A\001\022\030\n\013description\030\005 \001(\tB\003\340A\001\0224\n\013cre"
-          + "ate_time\030\006 \001(\0132\032.google.protobuf.Timesta"
-          + "mpB\003\340A\003\0224\n\013update_time\030\007 \001(\0132\032.google.pr"
-          + "otobuf.TimestampB\003\340A\003\022X\n\006labels\030\010 \003(\0132C."
-          + "google.cloud.security.privateca.v1.Certi"
-          + "ficateTemplate.LabelsEntryB\003\340A\001\032-\n\013Label"
-          + "sEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001:\207"
-          + "\001\352A\203\001\n,privateca.googleapis.com/Certific"
-          + "ateTemplate\022Sprojects/{project}/location"
-          + "s/{location}/certificateTemplates/{certi"
-          + "ficate_template}\"\337\003\n\016X509Parameters\022D\n\tk"
-          + "ey_usage\030\001 \001(\0132,.google.cloud.security.p"
-          + "rivateca.v1.KeyUsageB\003\340A\001\022U\n\nca_options\030"
-          + "\002 \001(\0132<.google.cloud.security.privateca."
-          + "v1.X509Parameters.CaOptionsB\003\340A\001\022E\n\npoli"
-          + "cy_ids\030\003 \003(\0132,.google.cloud.security.pri"
-          + "vateca.v1.ObjectIdB\003\340A\001\022\035\n\020aia_ocsp_serv"
-          + "ers\030\004 \003(\tB\003\340A\001\022U\n\025additional_extensions\030"
-          + "\005 \003(\01321.google.cloud.security.privateca."
-          + "v1.X509ExtensionB\003\340A\001\032s\n\tCaOptions\022\027\n\005is"
-          + "_ca\030\001 \001(\010B\003\340A\001H\000\210\001\001\022(\n\026max_issuer_path_l"
-          + "ength\030\002 \001(\005B\003\340A\001H\001\210\001\001B\010\n\006_is_caB\031\n\027_max_"
-          + "issuer_path_length\"\251\002\n\021SubordinateConfig"
-          + "\022V\n\025certificate_authority\030\001 \001(\tB5\340A\002\372A/\n"
-          + "-privateca.googleapis.com/CertificateAut"
-          + "horityH\000\022m\n\020pem_issuer_chain\030\002 \001(\0132L.goo"
-          + "gle.cloud.security.privateca.v1.Subordin"
-          + "ateConfig.SubordinateConfigChainB\003\340A\002H\000\032"
-          + "7\n\026SubordinateConfigChain\022\035\n\020pem_certifi"
-          + "cates\030\001 \003(\tB\003\340A\002B\024\n\022subordinate_config\"\235"
-          + "\001\n\tPublicKey\022\020\n\003key\030\001 \001(\014B\003\340A\002\022L\n\006format"
-          + "\030\002 \001(\01627.google.cloud.security.privateca"
-          + ".v1.PublicKey.KeyFormatB\003\340A\002\"0\n\tKeyForma"
-          + "t\022\032\n\026KEY_FORMAT_UNSPECIFIED\020\000\022\007\n\003PEM\020\001\"\264"
-          + "\003\n\021CertificateConfig\022`\n\016subject_config\030\001"
-          + " \001(\0132C.google.cloud.security.privateca.v"
-          + "1.CertificateConfig.SubjectConfigB\003\340A\002\022L"
-          + "\n\013x509_config\030\002 \001(\01322.google.cloud.secur"
-          + "ity.privateca.v1.X509ParametersB\003\340A\002\022F\n\n"
-          + "public_key\030\003 \001(\0132-.google.cloud.security"
-          + ".privateca.v1.PublicKeyB\003\340A\001\032\246\001\n\rSubject"
-          + "Config\022A\n\007subject\030\001 \001(\0132+.google.cloud.s"
-          + "ecurity.privateca.v1.SubjectB\003\340A\002\022R\n\020sub"
-          + "ject_alt_name\030\002 \001(\01323.google.cloud.secur"
-          + "ity.privateca.v1.SubjectAltNamesB\003\340A\001\"\241\010"
-          + "\n\026CertificateDescription\022j\n\023subject_desc"
-          + "ription\030\001 \001(\0132M.google.cloud.security.pr"
-          + "ivateca.v1.CertificateDescription.Subjec"
-          + "tDescription\022L\n\020x509_description\030\002 \001(\01322"
-          + ".google.cloud.security.privateca.v1.X509"
-          + "Parameters\022A\n\npublic_key\030\003 \001(\0132-.google."
-          + "cloud.security.privateca.v1.PublicKey\022X\n"
-          + "\016subject_key_id\030\004 \001(\0132@.google.cloud.sec"
-          + "urity.privateca.v1.CertificateDescriptio"
-          + "n.KeyId\022Z\n\020authority_key_id\030\005 \001(\0132@.goog"
-          + "le.cloud.security.privateca.v1.Certifica"
-          + "teDescription.KeyId\022\037\n\027crl_distribution_"
-          + "points\030\006 \003(\t\022$\n\034aia_issuing_certificate_"
-          + "urls\030\007 \003(\t\022k\n\020cert_fingerprint\030\010 \001(\0132Q.g"
-          + "oogle.cloud.security.privateca.v1.Certif"
-          + "icateDescription.CertificateFingerprint\032"
-          + "\322\002\n\022SubjectDescription\022<\n\007subject\030\001 \001(\0132"
-          + "+.google.cloud.security.privateca.v1.Sub"
-          + "ject\022M\n\020subject_alt_name\030\002 \001(\01323.google."
-          + "cloud.security.privateca.v1.SubjectAltNa"
-          + "mes\022\031\n\021hex_serial_number\030\003 \001(\t\022+\n\010lifeti"
-          + "me\030\004 \001(\0132\031.google.protobuf.Duration\0223\n\017n"
-          + "ot_before_time\030\005 \001(\0132\032.google.protobuf.T"
-          + "imestamp\0222\n\016not_after_time\030\006 \001(\0132\032.googl"
-          + "e.protobuf.Timestamp\032\034\n\005KeyId\022\023\n\006key_id\030"
-          + "\001 \001(\tB\003\340A\001\032-\n\026CertificateFingerprint\022\023\n\013"
-          + "sha256_hash\030\001 \001(\t\"\'\n\010ObjectId\022\033\n\016object_"
-          + "id_path\030\001 \003(\005B\003\340A\002\"\200\001\n\rX509Extension\022D\n\t"
-          + "object_id\030\001 \001(\0132,.google.cloud.security."
-          + "privateca.v1.ObjectIdB\003\340A\002\022\025\n\010critical\030\002"
-          + " \001(\010B\003\340A\002\022\022\n\005value\030\003 \001(\014B\003\340A\002\"\242\005\n\010KeyUsa"
-          + "ge\022T\n\016base_key_usage\030\001 \001(\0132<.google.clou"
-          + "d.security.privateca.v1.KeyUsage.KeyUsag"
-          + "eOptions\022`\n\022extended_key_usage\030\002 \001(\0132D.g"
-          + "oogle.cloud.security.privateca.v1.KeyUsa"
-          + "ge.ExtendedKeyUsageOptions\022Q\n\033unknown_ex"
-          + "tended_key_usages\030\003 \003(\0132,.google.cloud.s"
-          + "ecurity.privateca.v1.ObjectId\032\347\001\n\017KeyUsa"
-          + "geOptions\022\031\n\021digital_signature\030\001 \001(\010\022\032\n\022"
-          + "content_commitment\030\002 \001(\010\022\030\n\020key_encipher"
-          + "ment\030\003 \001(\010\022\031\n\021data_encipherment\030\004 \001(\010\022\025\n"
-          + "\rkey_agreement\030\005 \001(\010\022\021\n\tcert_sign\030\006 \001(\010\022"
-          + "\020\n\010crl_sign\030\007 \001(\010\022\025\n\rencipher_only\030\010 \001(\010"
-          + "\022\025\n\rdecipher_only\030\t \001(\010\032\240\001\n\027ExtendedKeyU"
-          + "sageOptions\022\023\n\013server_auth\030\001 \001(\010\022\023\n\013clie"
-          + "nt_auth\030\002 \001(\010\022\024\n\014code_signing\030\003 \001(\010\022\030\n\020e"
-          + "mail_protection\030\004 \001(\010\022\025\n\rtime_stamping\030\005"
-          + " \001(\010\022\024\n\014ocsp_signing\030\006 \001(\010\"\270\001\n\007Subject\022\023"
-          + "\n\013common_name\030\001 \001(\t\022\024\n\014country_code\030\002 \001("
-          + "\t\022\024\n\014organization\030\003 \001(\t\022\033\n\023organizationa"
-          + "l_unit\030\004 \001(\t\022\020\n\010locality\030\005 \001(\t\022\020\n\010provin"
-          + "ce\030\006 \001(\t\022\026\n\016street_address\030\007 \001(\t\022\023\n\013post"
-          + "al_code\030\010 \001(\t\"\251\001\n\017SubjectAltNames\022\021\n\tdns"
-          + "_names\030\001 \003(\t\022\014\n\004uris\030\002 \003(\t\022\027\n\017email_addr"
-          + "esses\030\003 \003(\t\022\024\n\014ip_addresses\030\004 \003(\t\022F\n\013cus"
-          + "tom_sans\030\005 \003(\01321.google.cloud.security.p"
-          + "rivateca.v1.X509Extension\"\252\001\n\036Certificat"
-          + "eIdentityConstraints\022.\n\016cel_expression\030\001"
-          + " \001(\0132\021.google.type.ExprB\003\340A\001\022&\n\031allow_su"
-          + "bject_passthrough\030\002 \001(\010B\003\340A\001\0220\n#allow_su"
-          + "bject_alt_names_passthrough\030\003 \001(\010B\003\340A\001\"\236"
-          + "\003\n\037CertificateExtensionConstraints\022|\n\020kn"
-          + "own_extensions\030\001 \003(\0162].google.cloud.secu"
-          + "rity.privateca.v1.CertificateExtensionCo"
-          + "nstraints.KnownCertificateExtensionB\003\340A\001"
-          + "\022P\n\025additional_extensions\030\002 \003(\0132,.google"
-          + ".cloud.security.privateca.v1.ObjectIdB\003\340"
-          + "A\001\"\252\001\n\031KnownCertificateExtension\022+\n\'KNOW"
-          + "N_CERTIFICATE_EXTENSION_UNSPECIFIED\020\000\022\022\n"
-          + "\016BASE_KEY_USAGE\020\001\022\026\n\022EXTENDED_KEY_USAGE\020"
-          + "\002\022\016\n\nCA_OPTIONS\020\003\022\016\n\nPOLICY_IDS\020\004\022\024\n\020AIA"
-          + "_OCSP_SERVERS\020\005*\207\002\n\020RevocationReason\022!\n\035"
-          + "REVOCATION_REASON_UNSPECIFIED\020\000\022\022\n\016KEY_C"
-          + "OMPROMISE\020\001\022$\n CERTIFICATE_AUTHORITY_COM"
-          + "PROMISE\020\002\022\027\n\023AFFILIATION_CHANGED\020\003\022\016\n\nSU"
-          + "PERSEDED\020\004\022\032\n\026CESSATION_OF_OPERATION\020\005\022\024"
-          + "\n\020CERTIFICATE_HOLD\020\006\022\027\n\023PRIVILEGE_WITHDR"
-          + "AWN\020\007\022\"\n\036ATTRIBUTE_AUTHORITY_COMPROMISE\020"
-          + "\010*]\n\022SubjectRequestMode\022$\n SUBJECT_REQUE"
-          + "ST_MODE_UNSPECIFIED\020\000\022\013\n\007DEFAULT\020\001\022\024\n\020RE"
-          + "FLECTED_SPIFFE\020\002B\206\002\n&com.google.cloud.se"
-          + "curity.privateca.v1B\027PrivateCaResourcesP"
-          + "rotoP\001ZKgoogle.golang.org/genproto/googl"
-          + "eapis/cloud/security/privateca/v1;privat"
-          + "eca\370\001\001\252\002\"Google.Cloud.Security.PrivateCA"
-          + ".V1\312\002\"Google\\Cloud\\Security\\PrivateCA\\V1"
-          + "\352\002&Google::Cloud::Security::PrivateCA::V"
-          + "1b\006proto3"
+          + "ncePolicy.AllowedKeyType.EcKeyTypeH\000\032J\n\n"
+          + "RsaKeyType\022\035\n\020min_modulus_size\030\001 \001(\003B\003\340A"
+          + "\001\022\035\n\020max_modulus_size\030\002 \001(\003B\003\340A\001\032\210\002\n\tEcK"
+          + "eyType\022\211\001\n\023signature_algorithm\030\001 \001(\0162g.g"
+          + "oogle.cloud.security.privateca.v1.CaPool"
+          + ".IssuancePolicy.AllowedKeyType.EcKeyType"
+          + ".EcSignatureAlgorithmB\003\340A\001\"o\n\024EcSignatur"
+          + "eAlgorithm\022&\n\"EC_SIGNATURE_ALGORITHM_UNS"
+          + "PECIFIED\020\000\022\016\n\nECDSA_P256\020\001\022\016\n\nECDSA_P384"
+          + "\020\002\022\017\n\013EDDSA_25519\020\003B\n\n\010key_type\032`\n\rIssua"
+          + "nceModes\022%\n\030allow_csr_based_issuance\030\001 \001"
+          + "(\010B\003\340A\002\022(\n\033allow_config_based_issuance\030\002"
+          + " \001(\010B\003\340A\002\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n"
+          + "\005value\030\002 \001(\t:\0028\001\"8\n\004Tier\022\024\n\020TIER_UNSPECI"
+          + "FIED\020\000\022\016\n\nENTERPRISE\020\001\022\n\n\006DEVOPS\020\002:_\352A\\\n"
+          + "\037privateca.googleapis.com/CaPool\0229projec"
+          + "ts/{project}/locations/{location}/caPool"
+          + "s/{ca_pool}\"\274\010\n\031CertificateRevocationLis"
+          + "t\022\021\n\004name\030\001 \001(\tB\003\340A\003\022\034\n\017sequence_number\030"
+          + "\002 \001(\003B\003\340A\003\022s\n\024revoked_certificates\030\003 \003(\013"
+          + "2P.google.cloud.security.privateca.v1.Ce"
+          + "rtificateRevocationList.RevokedCertifica"
+          + "teB\003\340A\003\022\024\n\007pem_crl\030\004 \001(\tB\003\340A\003\022\027\n\naccess_"
+          + "url\030\005 \001(\tB\003\340A\003\022W\n\005state\030\006 \001(\0162C.google.c"
+          + "loud.security.privateca.v1.CertificateRe"
+          + "vocationList.StateB\003\340A\003\0224\n\013create_time\030\007"
+          + " \001(\0132\032.google.protobuf.TimestampB\003\340A\003\0224\n"
+          + "\013update_time\030\010 \001(\0132\032.google.protobuf.Tim"
+          + "estampB\003\340A\003\022\030\n\013revision_id\030\t \001(\tB\003\340A\003\022^\n"
+          + "\006labels\030\n \003(\0132I.google.cloud.security.pr"
+          + "ivateca.v1.CertificateRevocationList.Lab"
+          + "elsEntryB\003\340A\001\032\300\001\n\022RevokedCertificate\022>\n\013"
+          + "certificate\030\001 \001(\tB)\372A&\n$privateca.google"
+          + "apis.com/Certificate\022\031\n\021hex_serial_numbe"
+          + "r\030\002 \001(\t\022O\n\021revocation_reason\030\003 \001(\01624.goo"
+          + "gle.cloud.security.privateca.v1.Revocati"
+          + "onReason\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005"
+          + "value\030\002 \001(\t:\0028\001\":\n\005State\022\025\n\021STATE_UNSPEC"
+          + "IFIED\020\000\022\n\n\006ACTIVE\020\001\022\016\n\nSUPERSEDED\020\002:\334\001\352A"
+          + "\330\001\n2privateca.googleapis.com/Certificate"
+          + "RevocationList\022\241\001projects/{project}/loca"
+          + "tions/{location}/caPools/{ca_pool}/certi"
+          + "ficateAuthorities/{certificate_authority"
+          + "}/certificateRevocationLists/{certificat"
+          + "e_revocation_list}\"\217\n\n\013Certificate\022:\n\004na"
+          + "me\030\001 \001(\tB,\340A\003\372A&\n$privateca.googleapis.c"
+          + "om/Certificate\022\026\n\007pem_csr\030\002 \001(\tB\003\340A\005H\000\022L"
+          + "\n\006config\030\003 \001(\01325.google.cloud.security.p"
+          + "rivateca.v1.CertificateConfigB\003\340A\005H\000\022[\n\034"
+          + "issuer_certificate_authority\030\004 \001(\tB5\340A\003\372"
+          + "A/\n-privateca.googleapis.com/Certificate"
+          + "Authority\0223\n\010lifetime\030\005 \001(\0132\031.google.pro"
+          + "tobuf.DurationB\006\340A\002\340A\005\022R\n\024certificate_te"
+          + "mplate\030\006 \001(\tB4\340A\005\372A.\n,privateca.googleap"
+          + "is.com/CertificateTemplate\022Q\n\014subject_mo"
+          + "de\030\007 \001(\01626.google.cloud.security.private"
+          + "ca.v1.SubjectRequestModeB\003\340A\005\022b\n\022revocat"
+          + "ion_details\030\010 \001(\0132A.google.cloud.securit"
+          + "y.privateca.v1.Certificate.RevocationDet"
+          + "ailsB\003\340A\003\022\034\n\017pem_certificate\030\t \001(\tB\003\340A\003\022"
+          + "`\n\027certificate_description\030\n \001(\0132:.googl"
+          + "e.cloud.security.privateca.v1.Certificat"
+          + "eDescriptionB\003\340A\003\022\"\n\025pem_certificate_cha"
+          + "in\030\013 \003(\tB\003\340A\003\0224\n\013create_time\030\014 \001(\0132\032.goo"
+          + "gle.protobuf.TimestampB\003\340A\003\0224\n\013update_ti"
+          + "me\030\r \001(\0132\032.google.protobuf.TimestampB\003\340A"
+          + "\003\022P\n\006labels\030\016 \003(\0132;.google.cloud.securit"
+          + "y.privateca.v1.Certificate.LabelsEntryB\003"
+          + "\340A\001\032\230\001\n\021RevocationDetails\022N\n\020revocation_"
+          + "state\030\001 \001(\01624.google.cloud.security.priv"
+          + "ateca.v1.RevocationReason\0223\n\017revocation_"
+          + "time\030\002 \001(\0132\032.google.protobuf.Timestamp\032-"
+          + "\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001("
+          + "\t:\0028\001:\177\352A|\n$privateca.googleapis.com/Cer"
+          + "tificate\022Tprojects/{project}/locations/{"
+          + "location}/caPools/{ca_pool}/certificates"
+          + "/{certificate}B\024\n\022certificate_config\"\227\006\n"
+          + "\023CertificateTemplate\022B\n\004name\030\001 \001(\tB4\340A\003\372"
+          + "A.\n,privateca.googleapis.com/Certificate"
+          + "Template\022R\n\021predefined_values\030\002 \001(\01322.go"
+          + "ogle.cloud.security.privateca.v1.X509Par"
+          + "ametersB\003\340A\001\022e\n\024identity_constraints\030\003 \001"
+          + "(\0132B.google.cloud.security.privateca.v1."
+          + "CertificateIdentityConstraintsB\003\340A\001\022h\n\026p"
+          + "assthrough_extensions\030\004 \001(\0132C.google.clo"
+          + "ud.security.privateca.v1.CertificateExte"
+          + "nsionConstraintsB\003\340A\001\022\030\n\013description\030\005 \001"
+          + "(\tB\003\340A\001\0224\n\013create_time\030\006 \001(\0132\032.google.pr"
+          + "otobuf.TimestampB\003\340A\003\0224\n\013update_time\030\007 \001"
+          + "(\0132\032.google.protobuf.TimestampB\003\340A\003\022X\n\006l"
+          + "abels\030\010 \003(\0132C.google.cloud.security.priv"
+          + "ateca.v1.CertificateTemplate.LabelsEntry"
+          + "B\003\340A\001\032-\n\013LabelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005val"
+          + "ue\030\002 \001(\t:\0028\001:\207\001\352A\203\001\n,privateca.googleapi"
+          + "s.com/CertificateTemplate\022Sprojects/{pro"
+          + "ject}/locations/{location}/certificateTe"
+          + "mplates/{certificate_template}\"\337\003\n\016X509P"
+          + "arameters\022D\n\tkey_usage\030\001 \001(\0132,.google.cl"
+          + "oud.security.privateca.v1.KeyUsageB\003\340A\001\022"
+          + "U\n\nca_options\030\002 \001(\0132<.google.cloud.secur"
+          + "ity.privateca.v1.X509Parameters.CaOption"
+          + "sB\003\340A\001\022E\n\npolicy_ids\030\003 \003(\0132,.google.clou"
+          + "d.security.privateca.v1.ObjectIdB\003\340A\001\022\035\n"
+          + "\020aia_ocsp_servers\030\004 \003(\tB\003\340A\001\022U\n\025addition"
+          + "al_extensions\030\005 \003(\01321.google.cloud.secur"
+          + "ity.privateca.v1.X509ExtensionB\003\340A\001\032s\n\tC"
+          + "aOptions\022\027\n\005is_ca\030\001 \001(\010B\003\340A\001H\000\210\001\001\022(\n\026max"
+          + "_issuer_path_length\030\002 \001(\005B\003\340A\001H\001\210\001\001B\010\n\006_"
+          + "is_caB\031\n\027_max_issuer_path_length\"\251\002\n\021Sub"
+          + "ordinateConfig\022V\n\025certificate_authority\030"
+          + "\001 \001(\tB5\340A\002\372A/\n-privateca.googleapis.com/"
+          + "CertificateAuthorityH\000\022m\n\020pem_issuer_cha"
+          + "in\030\002 \001(\0132L.google.cloud.security.private"
+          + "ca.v1.SubordinateConfig.SubordinateConfi"
+          + "gChainB\003\340A\002H\000\0327\n\026SubordinateConfigChain\022"
+          + "\035\n\020pem_certificates\030\001 \003(\tB\003\340A\002B\024\n\022subord"
+          + "inate_config\"\235\001\n\tPublicKey\022\020\n\003key\030\001 \001(\014B"
+          + "\003\340A\002\022L\n\006format\030\002 \001(\01627.google.cloud.secu"
+          + "rity.privateca.v1.PublicKey.KeyFormatB\003\340"
+          + "A\002\"0\n\tKeyFormat\022\032\n\026KEY_FORMAT_UNSPECIFIE"
+          + "D\020\000\022\007\n\003PEM\020\001\"\264\003\n\021CertificateConfig\022`\n\016su"
+          + "bject_config\030\001 \001(\0132C.google.cloud.securi"
+          + "ty.privateca.v1.CertificateConfig.Subjec"
+          + "tConfigB\003\340A\002\022L\n\013x509_config\030\002 \001(\01322.goog"
+          + "le.cloud.security.privateca.v1.X509Param"
+          + "etersB\003\340A\002\022F\n\npublic_key\030\003 \001(\0132-.google."
+          + "cloud.security.privateca.v1.PublicKeyB\003\340"
+          + "A\001\032\246\001\n\rSubjectConfig\022A\n\007subject\030\001 \001(\0132+."
+          + "google.cloud.security.privateca.v1.Subje"
+          + "ctB\003\340A\002\022R\n\020subject_alt_name\030\002 \001(\01323.goog"
+          + "le.cloud.security.privateca.v1.SubjectAl"
+          + "tNamesB\003\340A\001\"\241\010\n\026CertificateDescription\022j"
+          + "\n\023subject_description\030\001 \001(\0132M.google.clo"
+          + "ud.security.privateca.v1.CertificateDesc"
+          + "ription.SubjectDescription\022L\n\020x509_descr"
+          + "iption\030\002 \001(\01322.google.cloud.security.pri"
+          + "vateca.v1.X509Parameters\022A\n\npublic_key\030\003"
+          + " \001(\0132-.google.cloud.security.privateca.v"
+          + "1.PublicKey\022X\n\016subject_key_id\030\004 \001(\0132@.go"
+          + "ogle.cloud.security.privateca.v1.Certifi"
+          + "cateDescription.KeyId\022Z\n\020authority_key_i"
+          + "d\030\005 \001(\0132@.google.cloud.security.privatec"
+          + "a.v1.CertificateDescription.KeyId\022\037\n\027crl"
+          + "_distribution_points\030\006 \003(\t\022$\n\034aia_issuin"
+          + "g_certificate_urls\030\007 \003(\t\022k\n\020cert_fingerp"
+          + "rint\030\010 \001(\0132Q.google.cloud.security.priva"
+          + "teca.v1.CertificateDescription.Certifica"
+          + "teFingerprint\032\322\002\n\022SubjectDescription\022<\n\007"
+          + "subject\030\001 \001(\0132+.google.cloud.security.pr"
+          + "ivateca.v1.Subject\022M\n\020subject_alt_name\030\002"
+          + " \001(\01323.google.cloud.security.privateca.v"
+          + "1.SubjectAltNames\022\031\n\021hex_serial_number\030\003"
+          + " \001(\t\022+\n\010lifetime\030\004 \001(\0132\031.google.protobuf"
+          + ".Duration\0223\n\017not_before_time\030\005 \001(\0132\032.goo"
+          + "gle.protobuf.Timestamp\0222\n\016not_after_time"
+          + "\030\006 \001(\0132\032.google.protobuf.Timestamp\032\034\n\005Ke"
+          + "yId\022\023\n\006key_id\030\001 \001(\tB\003\340A\001\032-\n\026CertificateF"
+          + "ingerprint\022\023\n\013sha256_hash\030\001 \001(\t\"\'\n\010Objec"
+          + "tId\022\033\n\016object_id_path\030\001 \003(\005B\003\340A\002\"\200\001\n\rX50"
+          + "9Extension\022D\n\tobject_id\030\001 \001(\0132,.google.c"
+          + "loud.security.privateca.v1.ObjectIdB\003\340A\002"
+          + "\022\025\n\010critical\030\002 \001(\010B\003\340A\002\022\022\n\005value\030\003 \001(\014B\003"
+          + "\340A\002\"\242\005\n\010KeyUsage\022T\n\016base_key_usage\030\001 \001(\013"
+          + "2<.google.cloud.security.privateca.v1.Ke"
+          + "yUsage.KeyUsageOptions\022`\n\022extended_key_u"
+          + "sage\030\002 \001(\0132D.google.cloud.security.priva"
+          + "teca.v1.KeyUsage.ExtendedKeyUsageOptions"
+          + "\022Q\n\033unknown_extended_key_usages\030\003 \003(\0132,."
+          + "google.cloud.security.privateca.v1.Objec"
+          + "tId\032\347\001\n\017KeyUsageOptions\022\031\n\021digital_signa"
+          + "ture\030\001 \001(\010\022\032\n\022content_commitment\030\002 \001(\010\022\030"
+          + "\n\020key_encipherment\030\003 \001(\010\022\031\n\021data_enciphe"
+          + "rment\030\004 \001(\010\022\025\n\rkey_agreement\030\005 \001(\010\022\021\n\tce"
+          + "rt_sign\030\006 \001(\010\022\020\n\010crl_sign\030\007 \001(\010\022\025\n\rencip"
+          + "her_only\030\010 \001(\010\022\025\n\rdecipher_only\030\t \001(\010\032\240\001"
+          + "\n\027ExtendedKeyUsageOptions\022\023\n\013server_auth"
+          + "\030\001 \001(\010\022\023\n\013client_auth\030\002 \001(\010\022\024\n\014code_sign"
+          + "ing\030\003 \001(\010\022\030\n\020email_protection\030\004 \001(\010\022\025\n\rt"
+          + "ime_stamping\030\005 \001(\010\022\024\n\014ocsp_signing\030\006 \001(\010"
+          + "\"\270\001\n\007Subject\022\023\n\013common_name\030\001 \001(\t\022\024\n\014cou"
+          + "ntry_code\030\002 \001(\t\022\024\n\014organization\030\003 \001(\t\022\033\n"
+          + "\023organizational_unit\030\004 \001(\t\022\020\n\010locality\030\005"
+          + " \001(\t\022\020\n\010province\030\006 \001(\t\022\026\n\016street_address"
+          + "\030\007 \001(\t\022\023\n\013postal_code\030\010 \001(\t\"\251\001\n\017SubjectA"
+          + "ltNames\022\021\n\tdns_names\030\001 \003(\t\022\014\n\004uris\030\002 \003(\t"
+          + "\022\027\n\017email_addresses\030\003 \003(\t\022\024\n\014ip_addresse"
+          + "s\030\004 \003(\t\022F\n\013custom_sans\030\005 \003(\01321.google.cl"
+          + "oud.security.privateca.v1.X509Extension\""
+          + "\252\001\n\036CertificateIdentityConstraints\022.\n\016ce"
+          + "l_expression\030\001 \001(\0132\021.google.type.ExprB\003\340"
+          + "A\001\022&\n\031allow_subject_passthrough\030\002 \001(\010B\003\340"
+          + "A\001\0220\n#allow_subject_alt_names_passthroug"
+          + "h\030\003 \001(\010B\003\340A\001\"\236\003\n\037CertificateExtensionCon"
+          + "straints\022|\n\020known_extensions\030\001 \003(\0162].goo"
+          + "gle.cloud.security.privateca.v1.Certific"
+          + "ateExtensionConstraints.KnownCertificate"
+          + "ExtensionB\003\340A\001\022P\n\025additional_extensions\030"
+          + "\002 \003(\0132,.google.cloud.security.privateca."
+          + "v1.ObjectIdB\003\340A\001\"\252\001\n\031KnownCertificateExt"
+          + "ension\022+\n\'KNOWN_CERTIFICATE_EXTENSION_UN"
+          + "SPECIFIED\020\000\022\022\n\016BASE_KEY_USAGE\020\001\022\026\n\022EXTEN"
+          + "DED_KEY_USAGE\020\002\022\016\n\nCA_OPTIONS\020\003\022\016\n\nPOLIC"
+          + "Y_IDS\020\004\022\024\n\020AIA_OCSP_SERVERS\020\005*\207\002\n\020Revoca"
+          + "tionReason\022!\n\035REVOCATION_REASON_UNSPECIF"
+          + "IED\020\000\022\022\n\016KEY_COMPROMISE\020\001\022$\n CERTIFICATE"
+          + "_AUTHORITY_COMPROMISE\020\002\022\027\n\023AFFILIATION_C"
+          + "HANGED\020\003\022\016\n\nSUPERSEDED\020\004\022\032\n\026CESSATION_OF"
+          + "_OPERATION\020\005\022\024\n\020CERTIFICATE_HOLD\020\006\022\027\n\023PR"
+          + "IVILEGE_WITHDRAWN\020\007\022\"\n\036ATTRIBUTE_AUTHORI"
+          + "TY_COMPROMISE\020\010*]\n\022SubjectRequestMode\022$\n"
+          + " SUBJECT_REQUEST_MODE_UNSPECIFIED\020\000\022\013\n\007D"
+          + "EFAULT\020\001\022\024\n\020REFLECTED_SPIFFE\020\002B\206\002\n&com.g"
+          + "oogle.cloud.security.privateca.v1B\027Priva"
+          + "teCaResourcesProtoP\001ZKgoogle.golang.org/"
+          + "genproto/googleapis/cloud/security/priva"
+          + "teca/v1;privateca\370\001\001\252\002\"Google.Cloud.Secu"
+          + "rity.PrivateCA.V1\312\002\"Google\\Cloud\\Securit"
+          + "y\\PrivateCA\\V1\352\002&Google::Cloud::Security"
+          + "::PrivateCA::V1b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -614,6 +622,16 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
             new java.lang.String[] {
               "MinModulusSize", "MaxModulusSize",
             });
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_descriptor,
+            new java.lang.String[] {
+              "SignatureAlgorithm",
+            });
     internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor =
         internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor
             .getNestedTypes()
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java
index 07567fa1..149bc5d8 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java
@@ -134,8 +134,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+   * format
    * `projects/*/locations/*/caPools/*/certificates/*`.
    * 

    *
@@ -161,8 +161,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+   * format
    * `projects/*/locations/*/caPools/*/certificates/*`.
    * 

    *
@@ -191,9 +191,7 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Required. The
-   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-   * revoking this certificate.
+   * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
    * 

    *
    * 
@@ -210,9 +208,7 @@ public int getReasonValue() {
    *
    *
    * 
-   * Required. The
-   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-   * revoking this certificate.
+   * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
    * 

    *
    * 
@@ -237,10 +233,10 @@ public com.google.cloud.security.privateca.v1.RevocationReason getReason() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -270,10 +266,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -664,8 +660,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format
      * `projects/*/locations/*/caPools/*/certificates/*`.
      * 

      *
@@ -690,8 +686,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format
      * `projects/*/locations/*/caPools/*/certificates/*`.
      * 

      *
@@ -716,8 +712,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format
      * `projects/*/locations/*/caPools/*/certificates/*`.
      * 

      *
@@ -741,8 +737,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format
      * `projects/*/locations/*/caPools/*/certificates/*`.
      * 

      *
@@ -762,8 +758,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+     * format
      * `projects/*/locations/*/caPools/*/certificates/*`.
      * 

      *
@@ -790,9 +786,7 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Required. The
-     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-     * revoking this certificate.
+     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
      * 

      *
      * 
@@ -809,9 +803,7 @@ public int getReasonValue() {
      *
      *
      * 
-     * Required. The
-     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-     * revoking this certificate.
+     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
      * 

      *
      * 
@@ -831,9 +823,7 @@ public Builder setReasonValue(int value) {
      *
      *
      * 
-     * Required. The
-     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-     * revoking this certificate.
+     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
      * 

      *
      * 
@@ -855,9 +845,7 @@ public com.google.cloud.security.privateca.v1.RevocationReason getReason() {
      *
      *
      * 
-     * Required. The
-     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-     * revoking this certificate.
+     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
      * 

      *
      * 
@@ -880,9 +868,7 @@ public Builder setReason(com.google.cloud.security.privateca.v1.RevocationReason
      *
      *
      * 
-     * Required. The
-     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-     * revoking this certificate.
+     * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
      * 

      *
      * 
@@ -903,10 +889,10 @@ public Builder clearReason() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -935,10 +921,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -967,10 +953,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -998,10 +984,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1025,10 +1011,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java
index 3facbbce..cfaa1e53 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java
@@ -27,8 +27,8 @@ public interface RevokeCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+   * format
    * `projects/*/locations/*/caPools/*/certificates/*`.
    * 

    *
@@ -43,8 +43,8 @@ public interface RevokeCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+   * format
    * `projects/*/locations/*/caPools/*/certificates/*`.
    * 

    *
@@ -60,9 +60,7 @@ public interface RevokeCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-   * revoking this certificate.
+   * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
    * 

    *
    * 
@@ -76,9 +74,7 @@ public interface RevokeCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. The
-   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-   * revoking this certificate.
+   * Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
    * 

    *
    * 
@@ -93,10 +89,10 @@ public interface RevokeCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -115,10 +111,10 @@ public interface RevokeCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java
index a039ed31..96a5b799 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java
@@ -61,7 +61,7 @@ public enum SubjectRequestMode implements com.google.protobuf.ProtocolMessageEnu
    * on the caller's identity. This mode will ignore any explicitly specified
    * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
    * This mode requires the caller to have the
-   * `privateca.certificates.createReflected` permission.
+   * `privateca.certificates.createForSelf` permission.
    * 

    *
    * REFLECTED_SPIFFE = 2;
@@ -102,7 +102,7 @@ public enum SubjectRequestMode implements com.google.protobuf.ProtocolMessageEnu
    * on the caller's identity. This mode will ignore any explicitly specified
    * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
    * This mode requires the caller to have the
-   * `privateca.certificates.createReflected` permission.
+   * `privateca.certificates.createForSelf` permission.
    * 

    *
    * REFLECTED_SPIFFE = 2;
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java
index d6de64ad..7c6c1c2f 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java
@@ -129,9 +129,8 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -156,9 +155,8 @@ public java.lang.String getName() {
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -186,10 +184,10 @@ public com.google.protobuf.ByteString getNameBytes() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -219,10 +217,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -609,9 +607,8 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -635,9 +632,8 @@ public java.lang.String getName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -661,9 +657,8 @@ public com.google.protobuf.ByteString getNameBytes() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -686,9 +681,8 @@ public Builder setName(java.lang.String value) {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -707,9 +701,8 @@ public Builder clearName() {
      *
      *
      * 
-     * Required. The resource name for this
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+     * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
      * 

      *
      * 
@@ -735,10 +728,10 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -767,10 +760,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -799,10 +792,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -830,10 +823,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -857,10 +850,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java
index 96a1a612..62f10b34 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java
@@ -27,9 +27,8 @@ public interface UndeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -43,9 +42,8 @@ public interface UndeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required. The resource name for this
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+   * Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
    * 

    *
    * 
@@ -60,10 +58,10 @@ public interface UndeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -82,10 +80,10 @@ public interface UndeleteCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java
index 4c10c2ae..d3ca6ab0 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java
@@ -149,8 +149,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-   * values.
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    * 

    *
    * 
@@ -167,8 +166,7 @@ public boolean hasCaPool() {
    *
    *
    * 
-   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-   * values.
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    * 

    *
    * 
@@ -187,8 +185,7 @@ public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
    *
    *
    * 
-   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-   * values.
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    * 

    *
    * 
@@ -255,10 +252,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -288,10 +285,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -704,8 +701,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -721,8 +717,7 @@ public boolean hasCaPool() {
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -744,8 +739,7 @@ public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -769,8 +763,7 @@ public Builder setCaPool(com.google.cloud.security.privateca.v1.CaPool value) {
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -792,8 +785,7 @@ public Builder setCaPool(
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -821,8 +813,7 @@ public Builder mergeCaPool(com.google.cloud.security.privateca.v1.CaPool value)
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -844,8 +835,7 @@ public Builder clearCaPool() {
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -861,8 +851,7 @@ public com.google.cloud.security.privateca.v1.CaPool.Builder getCaPoolBuilder()
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -882,8 +871,7 @@ public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder
      *
      *
      * 
-     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-     * values.
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
      * 

      *
      * 
@@ -1104,10 +1092,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1136,10 +1124,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1168,10 +1156,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1199,10 +1187,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1226,10 +1214,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java
index 6b893762..73ce5c79 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java
@@ -27,8 +27,7 @@ public interface UpdateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-   * values.
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    * 

    *
    * 
@@ -42,8 +41,7 @@ public interface UpdateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-   * values.
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    * 

    *
    * 
@@ -57,8 +55,7 @@ public interface UpdateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-   * values.
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
    * 

    *
    * 
@@ -109,10 +106,10 @@ public interface UpdateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -131,10 +128,10 @@ public interface UpdateCaPoolRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java
index 24de29c6..688f79dc 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java
@@ -151,9 +151,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required.
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with updated values.
+   * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    * 

    *
    * 
@@ -170,9 +168,7 @@ public boolean hasCertificateAuthority() {
    *
    *
    * 
-   * Required.
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with updated values.
+   * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    * 

    *
    * 
@@ -191,9 +187,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
    *
    *
    * 
-   * Required.
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with updated values.
+   * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    * 

    *
    * 
@@ -261,10 +255,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -294,10 +288,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -723,9 +717,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -741,9 +733,7 @@ public boolean hasCertificateAuthority() {
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -765,9 +755,7 @@ public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificat
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -792,9 +780,7 @@ public Builder setCertificateAuthority(
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -816,9 +802,7 @@ public Builder setCertificateAuthority(
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -848,9 +832,7 @@ public Builder mergeCertificateAuthority(
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -872,9 +854,7 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -891,9 +871,7 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -914,9 +892,7 @@ public Builder clearCertificateAuthority() {
      *
      *
      * 
-     * Required.
-     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-     * with updated values.
+     * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
      * 

      *
      * 
@@ -1137,10 +1113,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1169,10 +1145,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1201,10 +1177,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1232,10 +1208,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1259,10 +1235,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java
index fb0ae590..0828ce24 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java
@@ -27,9 +27,7 @@ public interface UpdateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with updated values.
+   * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    * 

    *
    * 
@@ -43,9 +41,7 @@ public interface UpdateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with updated values.
+   * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    * 

    *
    * 
@@ -59,9 +55,7 @@ public interface UpdateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-   * with updated values.
+   * Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
    * 

    *
    * 
@@ -113,10 +107,10 @@ public interface UpdateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -135,10 +129,10 @@ public interface UpdateCertificateAuthorityRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java
index 2ce92af5..7b915b05 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java
@@ -22,8 +22,7 @@
  *
  *
  * 
- * Request message for
- * [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+ * Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
  * 

  *
  * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateRequest}
@@ -150,8 +149,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with updated values.
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
    * 

    *
    * 
@@ -168,8 +166,7 @@ public boolean hasCertificate() {
    *
    *
    * 
-   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with updated values.
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
    * 

    *
    * 
@@ -188,8 +185,7 @@ public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
    *
    *
    * 
-   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with updated values.
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
    * 

    *
    * 
@@ -256,10 +252,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -289,10 +285,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -511,8 +507,7 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build
    *
    *
    * 
-   * Request message for
-   * [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+   * Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
    * 

    *
    * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateRequest}
@@ -709,8 +704,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -726,8 +720,7 @@ public boolean hasCertificate() {
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -749,8 +742,7 @@ public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -774,8 +766,7 @@ public Builder setCertificate(com.google.cloud.security.privateca.v1.Certificate
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -797,8 +788,7 @@ public Builder setCertificate(
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -826,8 +816,7 @@ public Builder mergeCertificate(com.google.cloud.security.privateca.v1.Certifica
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -849,8 +838,7 @@ public Builder clearCertificate() {
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -866,8 +854,7 @@ public com.google.cloud.security.privateca.v1.Certificate.Builder getCertificate
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -887,8 +874,7 @@ public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificat
      *
      *
      * 
-     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-     * with updated values.
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
      * 

      *
      * 
@@ -1109,10 +1095,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1141,10 +1127,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1173,10 +1159,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1204,10 +1190,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1231,10 +1217,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java
index 193c5c55..343ccc99 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java
@@ -27,8 +27,7 @@ public interface UpdateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with updated values.
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
    * 

    *
    * 
@@ -42,8 +41,7 @@ public interface UpdateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with updated values.
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
    * 

    *
    * 
@@ -57,8 +55,7 @@ public interface UpdateCertificateRequestOrBuilder
    *
    *
    * 
-   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-   * with updated values.
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
    * 

    *
    * 
@@ -109,10 +106,10 @@ public interface UpdateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -131,10 +128,10 @@ public interface UpdateCertificateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java
index c0cd3a35..b150d48e 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java
@@ -155,9 +155,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required.
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * with updated values.
+   * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    * 

    *
    * 
@@ -174,9 +172,7 @@ public boolean hasCertificateRevocationList() {
    *
    *
    * 
-   * Required.
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * with updated values.
+   * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    * 

    *
    * 
@@ -196,9 +192,7 @@ public boolean hasCertificateRevocationList() {
    *
    *
    * 
-   * Required.
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * with updated values.
+   * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    * 

    *
    * 
@@ -266,10 +260,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -299,10 +293,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -739,9 +733,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -757,9 +749,7 @@ public boolean hasCertificateRevocationList() {
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -782,9 +772,7 @@ public boolean hasCertificateRevocationList() {
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -809,9 +797,7 @@ public Builder setCertificateRevocationList(
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -833,9 +819,7 @@ public Builder setCertificateRevocationList(
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -865,9 +849,7 @@ public Builder mergeCertificateRevocationList(
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -889,9 +871,7 @@ public Builder clearCertificateRevocationList() {
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -908,9 +888,7 @@ public Builder clearCertificateRevocationList() {
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -931,9 +909,7 @@ public Builder clearCertificateRevocationList() {
      *
      *
      * 
-     * Required.
-     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-     * with updated values.
+     * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
      * 

      *
      * 
@@ -1154,10 +1130,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1186,10 +1162,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1218,10 +1194,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1249,10 +1225,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1276,10 +1252,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java
index d8296d2c..992b7c1e 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java
@@ -27,9 +27,7 @@ public interface UpdateCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * with updated values.
+   * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    * 

    *
    * 
@@ -43,9 +41,7 @@ public interface UpdateCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * with updated values.
+   * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    * 

    *
    * 
@@ -59,9 +55,7 @@ public interface UpdateCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-   * with updated values.
+   * Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
    * 

    *
    * 
@@ -113,10 +107,10 @@ public interface UpdateCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -135,10 +129,10 @@ public interface UpdateCertificateRevocationListRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java
index c6c06491..2a81601a 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java
@@ -151,9 +151,7 @@ public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
    *
    *
    * 
-   * Required.
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with updated values.
+   * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
    * 

    *
    * 
@@ -170,9 +168,7 @@ public boolean hasCertificateTemplate() {
    *
    *
    * 
-   * Required.
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with updated values.
+   * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
    * 

    *
    * 
@@ -191,9 +187,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
    *
    *
    * 
-   * Required.
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with updated values.
+   * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
    * 

    *
    * 
@@ -261,10 +255,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -294,10 +288,10 @@ public java.lang.String getRequestId() {
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -721,9 +715,7 @@ public Builder mergeFrom(
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -739,9 +731,7 @@ public boolean hasCertificateTemplate() {
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -763,9 +753,7 @@ public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificate
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -790,9 +778,7 @@ public Builder setCertificateTemplate(
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -814,9 +800,7 @@ public Builder setCertificateTemplate(
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -846,9 +830,7 @@ public Builder mergeCertificateTemplate(
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -870,9 +852,7 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -889,9 +869,7 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -912,9 +890,7 @@ public Builder clearCertificateTemplate() {
      *
      *
      * 
-     * Required.
-     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-     * with updated values.
+     * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
      * 

      *
      * 
@@ -1135,10 +1111,10 @@ public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1167,10 +1143,10 @@ public java.lang.String getRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1199,10 +1175,10 @@ public com.google.protobuf.ByteString getRequestIdBytes() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1230,10 +1206,10 @@ public Builder setRequestId(java.lang.String value) {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
@@ -1257,10 +1233,10 @@ public Builder clearRequestId() {
      *
      *
      * 
-     * Optional. An ID to identify requests. Specify a unique request ID so that
-     * if you must retry your request, the server will know to ignore the request
-     * if it has already been completed. The server will guarantee that for at
-     * least 60 minutes since the first request.
+     * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+     * retry your request, the server will know to ignore the request if it has
+     * already been completed. The server will guarantee that for at least 60
+     * minutes since the first request.
      * For example, consider a situation where you make an initial request and t
      * he request times out. If you make the request again with the same request
      * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java
index eb9c7ae7..972c9e7a 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java
@@ -27,9 +27,7 @@ public interface UpdateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with updated values.
+   * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
    * 

    *
    * 
@@ -43,9 +41,7 @@ public interface UpdateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with updated values.
+   * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
    * 

    *
    * 
@@ -59,9 +55,7 @@ public interface UpdateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Required.
-   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-   * with updated values.
+   * Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
    * 

    *
    * 
@@ -113,10 +107,10 @@ public interface UpdateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
@@ -135,10 +129,10 @@ public interface UpdateCertificateTemplateRequestOrBuilder
    *
    *
    * 
-   * Optional. An ID to identify requests. Specify a unique request ID so that
-   * if you must retry your request, the server will know to ignore the request
-   * if it has already been completed. The server will guarantee that for at
-   * least 60 minutes since the first request.
+   * Optional. An ID to identify requests. Specify a unique request ID so that if you must
+   * retry your request, the server will know to ignore the request if it has
+   * already been completed. The server will guarantee that for at least 60
+   * minutes since the first request.
    * For example, consider a situation where you make an initial request and t
    * he request times out. If you make the request again with the same request
    * ID, the server can check if original operation with the same request ID
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto
index f0cd7a31..4da13f43 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto
+++ b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto
@@ -290,20 +290,31 @@ message CaPool {
         int64 max_modulus_size = 2 [(google.api.field_behavior) = OPTIONAL];
       }
 
-      // Describes a named Elliptic Curve that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
+      // Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
       // issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
-      enum NamedCurve {
-        // Not specified.
-        NAMED_CURVE_UNSPECIFIED = 0;
-
-        // Refers to the NIST P-256 curve.
-        ECDSA_P256 = 2;
-
-        // Refers to the NIST P-384 curve.
-        ECDSA_P384 = 3;
-
-        // Refers to the Ed25519 curve, as described in RFC 8410.
-        EDDSA_25519 = 4;
+      message EcKeyType {
+        // Describes an elliptic curve-based signature algorithm that may be
+        // used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+        enum EcSignatureAlgorithm {
+          // Not specified. Signifies that any signature algorithm may be used.
+          EC_SIGNATURE_ALGORITHM_UNSPECIFIED = 0;
+
+          // Refers to the Elliptic Curve Digital Signature Algorithm over the
+          // NIST P-256 curve.
+          ECDSA_P256 = 1;
+
+          // Refers to the Elliptic Curve Digital Signature Algorithm over the
+          // NIST P-384 curve.
+          ECDSA_P384 = 2;
+
+          // Refers to the Edwards-curve Digital Signature Algorithm over curve
+          // 25519, as described in RFC 8410.
+          EDDSA_25519 = 3;
+        }
+
+        // Optional. A signature algorithm that must be used. If this is omitted, any
+        // EC-based signature algorithm will be allowed.
+        EcSignatureAlgorithm signature_algorithm = 1 [(google.api.field_behavior) = OPTIONAL];
       }
 
       oneof key_type {
@@ -311,7 +322,7 @@ message CaPool {
         RsaKeyType rsa = 1;
 
         // Represents an allowed Elliptic Curve key type.
-        NamedCurve elliptic_curve = 2;
+        EcKeyType elliptic_curve = 2;
       }
     }
 
@@ -1102,6 +1113,6 @@ enum SubjectRequestMode {
   // on the caller's identity. This mode will ignore any explicitly specified
   // [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
   // This mode requires the caller to have the
-  // `privateca.certificates.createReflected` permission.
+  // `privateca.certificates.createForSelf` permission.
   REFLECTED_SPIFFE = 2;
 }
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto
index f98383ec..1c1fb75b 100644
--- a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto
+++ b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto
@@ -35,16 +35,13 @@ option java_package = "com.google.cloud.security.privateca.v1";
 option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\v1";
 option ruby_package = "Google::Cloud::Security::PrivateCA::v1";
 
-// [Certificate Authority
-// Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
-// manages private certificate authorities and issued certificates.
+// [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+// certificate authorities and issued certificates.
 service CertificateAuthorityService {
   option (google.api.default_host) = "privateca.googleapis.com";
-  option (google.api.oauth_scopes) =
-      "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
 
-  // Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
-  // in a given Project, Location from a particular
+  // Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
   // [CaPool][google.cloud.security.privateca.v1.CaPool].
   rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
     option (google.api.http) = {
@@ -63,8 +60,7 @@ service CertificateAuthorityService {
   }
 
   // Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
-  rpc ListCertificates(ListCertificatesRequest)
-      returns (ListCertificatesResponse) {
+  rpc ListCertificates(ListCertificatesRequest) returns (ListCertificatesResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
     };
@@ -80,8 +76,7 @@ service CertificateAuthorityService {
     option (google.api.method_signature) = "name";
   }
 
-  // Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
-  // Currently, the only field you can update is the
+  // Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
   // [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
   rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
     option (google.api.http) = {
@@ -91,18 +86,13 @@ service CertificateAuthorityService {
     option (google.api.method_signature) = "certificate,update_mask";
   }
 
-  // Activate a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // that is in state
+  // Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
   // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-  // and is of type
-  // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-  // After the parent Certificate Authority signs a certificate signing request
-  // from
-  // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
-  // this method can complete the activation process.
-  rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+  // the parent Certificate Authority signs a certificate signing request from
+  // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
+  // process.
+  rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:activate"
       body: "*"
@@ -114,27 +104,21 @@ service CertificateAuthorityService {
     };
   }
 
-  // Create a new
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in a given Project and Location.
-  rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+  rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
       body: "certificate_authority"
     };
-    option (google.api.method_signature) =
-        "parent,certificate_authority,certificate_authority_id";
+    option (google.api.method_signature) = "parent,certificate_authority,certificate_authority_id";
     option (google.longrunning.operation_info) = {
       response_type: "CertificateAuthority"
       metadata_type: "OperationMetadata"
     };
   }
 
-  // Disable a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
-  rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:disable"
       body: "*"
@@ -146,10 +130,8 @@ service CertificateAuthorityService {
     };
   }
 
-  // Enable a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
-  rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:enable"
       body: "*"
@@ -161,50 +143,38 @@ service CertificateAuthorityService {
     };
   }
 
-  // Fetch a certificate signing request (CSR) from a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
   // that is in state
   // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-  // and is of type
-  // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
-  // The CSR must then be signed by the desired parent Certificate Authority,
-  // which could be another
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // resource, or could be an on-prem certificate authority. See also
-  // [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
-  rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest)
-      returns (FetchCertificateAuthorityCsrResponse) {
+  // and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+  // CSR must then be signed by the desired parent Certificate Authority, which
+  // could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
+  // certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+  rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest) returns (FetchCertificateAuthorityCsrResponse) {
     option (google.api.http) = {
       get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:fetch"
     };
     option (google.api.method_signature) = "name";
   }
 
-  // Returns a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
-  rpc GetCertificateAuthority(GetCertificateAuthorityRequest)
-      returns (CertificateAuthority) {
+  // Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc GetCertificateAuthority(GetCertificateAuthorityRequest) returns (CertificateAuthority) {
     option (google.api.http) = {
       get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
     };
     option (google.api.method_signature) = "name";
   }
 
-  // Lists
-  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
-  rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest)
-      returns (ListCertificateAuthoritiesResponse) {
+  // Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest) returns (ListCertificateAuthoritiesResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
     };
     option (google.api.method_signature) = "parent";
   }
 
-  // Undelete a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // that has been deleted.
-  rpc UndeleteCertificateAuthority(UndeleteCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+  rpc UndeleteCertificateAuthority(UndeleteCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:undelete"
       body: "*"
@@ -216,10 +186,8 @@ service CertificateAuthorityService {
     };
   }
 
-  // Delete a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
-  rpc DeleteCertificateAuthority(DeleteCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc DeleteCertificateAuthority(DeleteCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       delete: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
     };
@@ -230,10 +198,8 @@ service CertificateAuthorityService {
     };
   }
 
-  // Update a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
-  rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest)
-      returns (google.longrunning.Operation) {
+  // Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       patch: "/v1/{certificate_authority.name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
       body: "certificate_authority"
@@ -299,10 +265,8 @@ service CertificateAuthorityService {
     };
   }
 
-  // FetchCaCerts returns the current trust anchor for the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
-  // certificate chains for all ACTIVE
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
+  // include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
   // resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
   rpc FetchCaCerts(FetchCaCertsRequest) returns (FetchCaCertsResponse) {
     option (google.api.http) = {
@@ -312,63 +276,50 @@ service CertificateAuthorityService {
     option (google.api.method_signature) = "ca_pool";
   }
 
-  // Returns a
-  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
-  rpc GetCertificateRevocationList(GetCertificateRevocationListRequest)
-      returns (CertificateRevocationList) {
+  // Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+  rpc GetCertificateRevocationList(GetCertificateRevocationListRequest) returns (CertificateRevocationList) {
     option (google.api.http) = {
       get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
     };
     option (google.api.method_signature) = "name";
   }
 
-  // Lists
-  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
-  rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest)
-      returns (ListCertificateRevocationListsResponse) {
+  // Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+  rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest) returns (ListCertificateRevocationListsResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=projects/*/locations/*/caPools/*/certificateAuthorities/*}/certificateRevocationLists"
     };
     option (google.api.method_signature) = "parent";
   }
 
-  // Update a
-  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
-  rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest)
-      returns (google.longrunning.Operation) {
+  // Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+  rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       patch: "/v1/{certificate_revocation_list.name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
       body: "certificate_revocation_list"
     };
-    option (google.api.method_signature) =
-        "certificate_revocation_list,update_mask";
+    option (google.api.method_signature) = "certificate_revocation_list,update_mask";
     option (google.longrunning.operation_info) = {
       response_type: "CertificateRevocationList"
       metadata_type: "OperationMetadata"
     };
   }
 
-  // Create a new
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-  // in a given Project and Location.
-  rpc CreateCertificateTemplate(CreateCertificateTemplateRequest)
-      returns (google.longrunning.Operation) {
+  // Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+  rpc CreateCertificateTemplate(CreateCertificateTemplateRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       post: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
       body: "certificate_template"
     };
-    option (google.api.method_signature) =
-        "parent,certificate_template,certificate_template_id";
+    option (google.api.method_signature) = "parent,certificate_template,certificate_template_id";
     option (google.longrunning.operation_info) = {
       response_type: "CertificateTemplate"
       metadata_type: "OperationMetadata"
     };
   }
 
-  // DeleteCertificateTemplate deletes a
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
-  rpc DeleteCertificateTemplate(DeleteCertificateTemplateRequest)
-      returns (google.longrunning.Operation) {
+  // DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc DeleteCertificateTemplate(DeleteCertificateTemplateRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       delete: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
     };
@@ -379,30 +330,24 @@ service CertificateAuthorityService {
     };
   }
 
-  // Returns a
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
-  rpc GetCertificateTemplate(GetCertificateTemplateRequest)
-      returns (CertificateTemplate) {
+  // Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc GetCertificateTemplate(GetCertificateTemplateRequest) returns (CertificateTemplate) {
     option (google.api.http) = {
       get: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
     };
     option (google.api.method_signature) = "name";
   }
 
-  // Lists
-  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
-  rpc ListCertificateTemplates(ListCertificateTemplatesRequest)
-      returns (ListCertificateTemplatesResponse) {
+  // Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc ListCertificateTemplates(ListCertificateTemplatesRequest) returns (ListCertificateTemplatesResponse) {
     option (google.api.http) = {
       get: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
     };
     option (google.api.method_signature) = "parent";
   }
 
-  // Update a
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
-  rpc UpdateCertificateTemplate(UpdateCertificateTemplateRequest)
-      returns (google.longrunning.Operation) {
+  // Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc UpdateCertificateTemplate(UpdateCertificateTemplateRequest) returns (google.longrunning.Operation) {
     option (google.api.http) = {
       patch: "/v1/{certificate_template.name=projects/*/locations/*/certificateTemplates/*}"
       body: "certificate_template"
@@ -415,13 +360,10 @@ service CertificateAuthorityService {
   }
 }
 
-// Request message for
-// [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+// Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
 message CreateCertificateRequest {
-  // Required. The resource name of the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-  // [Certificate][google.cloud.security.privateca.v1.Certificate], in the
-  // format `projects/*/locations/*/caPools/*`.
+  // Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
+  // in the format `projects/*/locations/*/caPools/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -431,20 +373,17 @@ message CreateCertificateRequest {
 
   // Optional. It must be unique within a location and match the regular
   // expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the Enterprise
-  // [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
-  // optional and its value is ignored otherwise.
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
+  // but is optional and its value is ignored otherwise.
   string certificate_id = 2 [(google.api.field_behavior) = OPTIONAL];
 
-  // Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
-  // with initial field values.
+  // Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
   Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -456,45 +395,29 @@ message CreateCertificateRequest {
   // not supported (00000000-0000-0000-0000-000000000000).
   string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
 
-  // Optional. If this is true, no
-  // [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
-  // be persisted regardless of the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool]'s
-  // [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
-  // [Certificate][google.cloud.security.privateca.v1.Certificate] will not
-  // contain the
-  // [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
-  // field.
+  // Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
+  // of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
+  // will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
   bool validate_only = 5 [(google.api.field_behavior) = OPTIONAL];
 
-  // Optional. The resource ID of the
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // that should issue the certificate.  This optional field will ignore the
-  // load-balancing scheme of the Pool and directly issue the certificate from
-  // the CA with the specified ID, contained in the same
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
-  // Per-CA quota rules apply. If left empty, a
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
-  // by the service. For example, to issue a
-  // [Certificate][google.cloud.security.privateca.v1.Certificate] from a
-  // Certificate Authority with resource name
+  // Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
+  // certificate.  This optional field will ignore the load-balancing scheme of
+  // the Pool and directly issue the certificate from the CA with the specified
+  // ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
+  // rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
+  // the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
+  // a Certificate Authority with resource name
   // "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-  // you can set the
-  // [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
-  // to "projects/my-project/locations/us-central1/caPools/my-pool" and the
-  // [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
-  // to "my-ca".
-  string issuing_certificate_authority_id = 6
-      [(google.api.field_behavior) = OPTIONAL];
+  // you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
+  // "projects/my-project/locations/us-central1/caPools/my-pool" and the
+  // [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+  string issuing_certificate_authority_id = 6 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Request message for
 // [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
 message GetCertificateRequest {
-  // Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
-  // of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
-  // get.
+  // Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -503,12 +426,11 @@ message GetCertificateRequest {
   ];
 }
 
-// Request message for
-// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+// Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
 message ListCertificatesRequest {
   // Required. The resource name of the location associated with the
-  // [Certificates][google.cloud.security.privateca.v1.Certificate], in the
-  // format `projects/*/locations/*/caPools/*`.
+  // [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+  // `projects/*/locations/*/caPools/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -517,32 +439,29 @@ message ListCertificatesRequest {
   ];
 
   // Optional. Limit on the number of
-  // [Certificates][google.cloud.security.privateca.v1.Certificate] to include
-  // in the response. Further
-  // [Certificates][google.cloud.security.privateca.v1.Certificate] can
-  // subsequently be obtained by including the
-  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
-  // in a subsequent request. If unspecified, the server will pick an
-  // appropriate default.
+  // [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
+  // response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
+  // by including the
+  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
+  // request. If unspecified, the server will pick an appropriate default.
   int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Optional. Pagination token, returned earlier via
   // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
   string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
 
-  // Optional. Only include resources that match the filter in the response. For
-  // details on supported filters and syntax, see [Certificates Filtering
+  // Optional. Only include resources that match the filter in the response. For details
+  // on supported filters and syntax, see [Certificates Filtering
   // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
   string filter = 4 [(google.api.field_behavior) = OPTIONAL];
 
-  // Optional. Specify how the results should be sorted. For details on
-  // supported fields and syntax, see [Certificates Sorting
+  // Optional. Specify how the results should be sorted. For details on supported fields
+  // and syntax, see [Certificates Sorting
   // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
   string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
 }
 
-// Response message for
-// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+// Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
 message ListCertificatesResponse {
   // The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
   repeated Certificate certificates = 1;
@@ -559,8 +478,8 @@ message ListCertificatesResponse {
 // Request message for
 // [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
 message RevokeCertificateRequest {
-  // Required. The resource name for this
-  // [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+  // Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+  // format
   // `projects/*/locations/*/caPools/*/certificates/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
@@ -569,15 +488,13 @@ message RevokeCertificateRequest {
     }
   ];
 
-  // Required. The
-  // [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
-  // revoking this certificate.
+  // Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
   RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -590,21 +507,18 @@ message RevokeCertificateRequest {
   string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
 }
 
-// Request message for
-// [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+// Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
 message UpdateCertificateRequest {
-  // Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
-  // with updated values.
+  // Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
   Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];
 
   // Required. A list of fields to be updated in this request.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -620,9 +534,8 @@ message UpdateCertificateRequest {
 // Request message for
 // [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
 message ActivateCertificateAuthorityRequest {
-  // Required. The resource name for this
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -634,15 +547,14 @@ message ActivateCertificateAuthorityRequest {
   // [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
   string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. Must include information about the issuer of
-  // 'pem_ca_certificate', and any further issuers until the self-signed CA.
-  SubordinateConfig subordinate_config = 3
-      [(google.api.field_behavior) = REQUIRED];
+  // Required. Must include information about the issuer of 'pem_ca_certificate', and any
+  // further issuers until the self-signed CA.
+  SubordinateConfig subordinate_config = 3 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -658,10 +570,9 @@ message ActivateCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
 message CreateCertificateAuthorityRequest {
-  // Required. The resource name of the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-  // in the format `projects/*/locations/*/caPools/*`.
+  // Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+  // `projects/*/locations/*/caPools/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -673,16 +584,13 @@ message CreateCertificateAuthorityRequest {
   // expression `[a-zA-Z0-9_-]{1,63}`
   string certificate_authority_id = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. A
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // with initial field values.
-  CertificateAuthority certificate_authority = 3
-      [(google.api.field_behavior) = REQUIRED];
+  // Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+  CertificateAuthority certificate_authority = 3 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -698,9 +606,8 @@ message CreateCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
 message DisableCertificateAuthorityRequest {
-  // Required. The resource name for this
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -708,10 +615,10 @@ message DisableCertificateAuthorityRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -727,9 +634,8 @@ message DisableCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
 message EnableCertificateAuthorityRequest {
-  // Required. The resource name for this
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -737,10 +643,10 @@ message EnableCertificateAuthorityRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -756,9 +662,8 @@ message EnableCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
 message FetchCertificateAuthorityCsrRequest {
-  // Required. The resource name for this
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -774,13 +679,10 @@ message FetchCertificateAuthorityCsrResponse {
   string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
-// Request message for
-// [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+// Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
 message GetCertificateAuthorityRequest {
-  // Required. The
-  // [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // to get.
+  // Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+  // get.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -792,10 +694,9 @@ message GetCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
 message ListCertificateAuthoritiesRequest {
-  // Required. The resource name of the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
-  // in the format `projects/*/locations/*/caPools/*`.
+  // Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
+  // `projects/*/locations/*/caPools/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -803,14 +704,12 @@ message ListCertificateAuthoritiesRequest {
     }
   ];
 
-  // Optional. Limit on the number of
-  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-  // to include in the response. Further
-  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
-  // can subsequently be obtained by including the
-  // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
-  // in a subsequent request. If unspecified, the server will pick an
-  // appropriate default.
+  // Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
+  // include in the response.
+  // Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
+  // obtained by including the
+  // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
+  // request. If unspecified, the server will pick an appropriate default.
   int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Optional. Pagination token, returned earlier via
@@ -827,8 +726,7 @@ message ListCertificateAuthoritiesRequest {
 // Response message for
 // [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
 message ListCertificateAuthoritiesResponse {
-  // The list of
-  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+  // The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
   repeated CertificateAuthority certificate_authorities = 1;
 
   // A token to retrieve next page of results. Pass this value in
@@ -843,9 +741,8 @@ message ListCertificateAuthoritiesResponse {
 // Request message for
 // [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
 message UndeleteCertificateAuthorityRequest {
-  // Required. The resource name for this
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -853,10 +750,10 @@ message UndeleteCertificateAuthorityRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -872,9 +769,8 @@ message UndeleteCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
 message DeleteCertificateAuthorityRequest {
-  // Required. The resource name for this
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -882,10 +778,10 @@ message DeleteCertificateAuthorityRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -905,20 +801,16 @@ message DeleteCertificateAuthorityRequest {
 // Request message for
 // [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
 message UpdateCertificateAuthorityRequest {
-  // Required.
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
-  // with updated values.
-  CertificateAuthority certificate_authority = 1
-      [(google.api.field_behavior) = REQUIRED];
+  // Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+  CertificateAuthority certificate_authority = 1 [(google.api.field_behavior) = REQUIRED];
 
   // Required. A list of fields to be updated in this request.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -935,8 +827,7 @@ message UpdateCertificateAuthorityRequest {
 // [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
 message CreateCaPoolRequest {
   // Required. The resource name of the location associated with the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
-  // `projects/*/locations/*`.
+  // [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -948,14 +839,13 @@ message CreateCaPoolRequest {
   // expression `[a-zA-Z0-9_-]{1,63}`
   string ca_pool_id = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
-  // initial field values.
+  // Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
   CaPool ca_pool = 3 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -971,18 +861,16 @@ message CreateCaPoolRequest {
 // Request message for
 // [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
 message UpdateCaPoolRequest {
-  // Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
-  // values.
+  // Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
   CaPool ca_pool = 1 [(google.api.field_behavior) = REQUIRED];
 
   // Required. A list of fields to be updated in this request.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -998,9 +886,8 @@ message UpdateCaPoolRequest {
 // Request message for
 // [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
 message DeleteCaPoolRequest {
-  // Required. The resource name for this
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-  // `projects/*/locations/*/caPools/*`.
+  // Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+  // format `projects/*/locations/*/caPools/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1008,10 +895,10 @@ message DeleteCaPoolRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -1027,9 +914,8 @@ message DeleteCaPoolRequest {
 // Request message for
 // [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
 message FetchCaCertsRequest {
-  // Required. The resource name for the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
-  // `projects/*/locations/*/caPools/*`.
+  // Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+  // format `projects/*/locations/*/caPools/*`.
   string ca_pool = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1037,10 +923,10 @@ message FetchCaCertsRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -1062,17 +948,14 @@ message FetchCaCertsResponse {
   }
 
   // The PEM encoded CA certificate chains of all
-  // [ACTIVE][CertificateAuthority.State.ACTIVE]
-  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
   // resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
   repeated CertChain ca_certs = 1;
 }
 
-// Request message for
-// [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+// Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
 message GetCaPoolRequest {
-  // Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
-  // [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+  // Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1094,13 +977,12 @@ message ListCaPoolsRequest {
     }
   ];
 
-  // Optional. Limit on the number of
-  // [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
-  // response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
-  // subsequently be obtained by including the
-  // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
-  // in a subsequent request. If unspecified, the server will pick an
-  // appropriate default.
+  // Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
+  // include in the response.
+  // Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
+  // obtained by including the
+  // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
+  // request. If unspecified, the server will pick an appropriate default.
   int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Optional. Pagination token, returned earlier via
@@ -1132,11 +1014,8 @@ message ListCaPoolsResponse {
 // Request message for
 // [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
 message GetCertificateRevocationListRequest {
-  // Required. The
-  // [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
-  // of the
-  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-  // to get.
+  // Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1149,8 +1028,8 @@ message GetCertificateRevocationListRequest {
 // [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
 message ListCertificateRevocationListsRequest {
   // Required. The resource name of the location associated with the
-  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
-  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
+  // `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1159,13 +1038,11 @@ message ListCertificateRevocationListsRequest {
   ];
 
   // Optional. Limit on the number of
-  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
-  // to include in the response. Further
-  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
+  // response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
   // can subsequently be obtained by including the
-  // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
-  // in a subsequent request. If unspecified, the server will pick an
-  // appropriate default.
+  // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
+  // request. If unspecified, the server will pick an appropriate default.
   int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Optional. Pagination token, returned earlier via
@@ -1182,8 +1059,7 @@ message ListCertificateRevocationListsRequest {
 // Response message for
 // [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
 message ListCertificateRevocationListsResponse {
-  // The list of
-  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+  // The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
   repeated CertificateRevocationList certificate_revocation_lists = 1;
 
   // A token to retrieve next page of results. Pass this value in
@@ -1198,20 +1074,16 @@ message ListCertificateRevocationListsResponse {
 // Request message for
 // [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
 message UpdateCertificateRevocationListRequest {
-  // Required.
-  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
-  // with updated values.
-  CertificateRevocationList certificate_revocation_list = 1
-      [(google.api.field_behavior) = REQUIRED];
+  // Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+  CertificateRevocationList certificate_revocation_list = 1 [(google.api.field_behavior) = REQUIRED];
 
   // Required. A list of fields to be updated in this request.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -1228,8 +1100,8 @@ message UpdateCertificateRevocationListRequest {
 // [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
 message CreateCertificateTemplateRequest {
   // Required. The resource name of the location associated with the
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
-  // in the format `projects/*/locations/*`.
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+  // `projects/*/locations/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1241,16 +1113,13 @@ message CreateCertificateTemplateRequest {
   // expression `[a-zA-Z0-9_-]{1,63}`
   string certificate_template_id = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Required. A
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-  // with initial field values.
-  CertificateTemplate certificate_template = 3
-      [(google.api.field_behavior) = REQUIRED];
+  // Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+  CertificateTemplate certificate_template = 3 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -1266,9 +1135,8 @@ message CreateCertificateTemplateRequest {
 // Request message for
 // [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
 message DeleteCertificateTemplateRequest {
-  // Required. The resource name for this
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-  // in the format `projects/*/locations/*/certificateTemplates/*`.
+  // Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+  // `projects/*/locations/*/certificateTemplates/*`.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1276,10 +1144,10 @@ message DeleteCertificateTemplateRequest {
     }
   ];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -1295,10 +1163,8 @@ message DeleteCertificateTemplateRequest {
 // Request message for
 // [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
 message GetCertificateTemplateRequest {
-  // Required. The
-  // [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-  // to get.
+  // Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+  // get.
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1311,8 +1177,8 @@ message GetCertificateTemplateRequest {
 // [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
 message ListCertificateTemplatesRequest {
   // Required. The resource name of the location associated with the
-  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
-  // in the format `projects/*/locations/*`.
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
+  // `projects/*/locations/*`.
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -1321,13 +1187,11 @@ message ListCertificateTemplatesRequest {
   ];
 
   // Optional. Limit on the number of
-  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-  // to include in the response. Further
-  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
-  // can subsequently be obtained by including the
-  // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
-  // in a subsequent request. If unspecified, the server will pick an
-  // appropriate default.
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
+  // Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
+  // obtained by including the
+  // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
+  // request. If unspecified, the server will pick an appropriate default.
   int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
 
   // Optional. Pagination token, returned earlier via
@@ -1344,8 +1208,7 @@ message ListCertificateTemplatesRequest {
 // Response message for
 // [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
 message ListCertificateTemplatesResponse {
-  // The list of
-  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+  // The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
   repeated CertificateTemplate certificate_templates = 1;
 
   // A token to retrieve next page of results. Pass this value in
@@ -1360,20 +1223,16 @@ message ListCertificateTemplatesResponse {
 // Request message for
 // [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
 message UpdateCertificateTemplateRequest {
-  // Required.
-  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
-  // with updated values.
-  CertificateTemplate certificate_template = 1
-      [(google.api.field_behavior) = REQUIRED];
+  // Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+  CertificateTemplate certificate_template = 1 [(google.api.field_behavior) = REQUIRED];
 
   // Required. A list of fields to be updated in this request.
-  google.protobuf.FieldMask update_mask = 2
-      [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
 
-  // Optional. An ID to identify requests. Specify a unique request ID so that
-  // if you must retry your request, the server will know to ignore the request
-  // if it has already been completed. The server will guarantee that for at
-  // least 60 minutes since the first request.
+  // Optional. An ID to identify requests. Specify a unique request ID so that if you must
+  // retry your request, the server will know to ignore the request if it has
+  // already been completed. The server will guarantee that for at least 60
+  // minutes since the first request.
   //
   // For example, consider a situation where you make an initial request and t
   // he request times out. If you make the request again with the same request
@@ -1389,12 +1248,10 @@ message UpdateCertificateTemplateRequest {
 // Represents the metadata of the long-running operation.
 message OperationMetadata {
   // Output only. The time the operation was created.
-  google.protobuf.Timestamp create_time = 1
-      [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp create_time = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The time the operation finished running.
-  google.protobuf.Timestamp end_time = 2
-      [(google.api.field_behavior) = OUTPUT_ONLY];
+  google.protobuf.Timestamp end_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. Server-defined resource path for the target of the operation.
   string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
@@ -1407,9 +1264,8 @@ message OperationMetadata {
 
   // Output only. Identifies whether the user has requested cancellation
   // of the operation. Operations that have successfully been cancelled
-  // have [Operation.error][] value with a
-  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
-  // `Code.CANCELLED`.
+  // have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
+  // corresponding to `Code.CANCELLED`.
   bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. API version used to start the operation.
diff --git a/synth.metadata b/synth.metadata
index c6a39662..226a595c 100644
--- a/synth.metadata
+++ b/synth.metadata
@@ -4,7 +4,7 @@
       "git": {
         "name": ".",
         "remote": "https://github.com/googleapis/java-security-private-ca.git",
-        "sha": "c69a0a98d8e47a615adb0193584d98b7b3e29e07"
+        "sha": "a4d25e4c1541fa75b1203337d2605e5fc74e7eb1"
       }
     }
   ]